Lucene search
K

107 matches found

RedhatCVE
RedhatCVE
added 2021/11/04 6:56 p.m.28 views

CVE-2021-21698

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

7.5CVSS8.3AI score0.02073EPSS
Exploits0References4
Prion
Prion
added 2021/11/04 5:15 p.m.17 views

Code injection

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent...

5CVSS8.3AI score0.02073EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/04 4:30 p.m.158 views

CVE-2021-21698

CVE-2021-21698 affects Jenkins Subversion Plugin up to version 2.15.0. The issue arises because the plugin does not restrict the file name when resolving the subversion key file on the controller from an agent, enabling path traversal to read arbitrary files on the Jenkins controller when an atta...

7.5CVSS8.3AI score0.02073EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.2 views

PT-2021-14729 · Jenkins · Jenkins Subversion Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.0 and earlier Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system. This is because the plugin does not restrict the name...

7.5CVSS8.4AI score0.02073EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/11/04 12:0 a.m.3 views

Jenkins 路径遍历漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Subversion Plugin in version 2.15.0 and earlier has a path traversal vulnerability that stems from the fact that...

7.5CVSS5.6AI score0.02073EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2021/03/03 12:28 p.m.10 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

6.5CVSS7.1AI score0.01478EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/02/03 9:46 a.m.12 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

6.5CVSS7.1AI score0.01478EPSS
Exploits0References5
Veracode
Veracode
added 2021/01/21 8:57 a.m.32 views

XML External Entity (XXE)

jenkins-2-plugins is vulnerable to XML external entity XXE attacks. The vulnerability exists because of a flaw was found in the subversion Jenkins plugin that was not configured properly to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and ha...

6.5CVSS3.8AI score0.01478EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2021/01/20 4:38 a.m.8 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

6.5CVSS7.1AI score0.01478EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/01/18 4:4 p.m.3 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity XXE attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

6.5CVSS7.1AI score0.01478EPSS
Exploits0References5
CNVD
CNVD
added 2020/11/09 12:0 a.m.2 views

CloudBees Jenkins Subversion Code Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A code issue vulnerability...

6.5CVSS8AI score0.01478EPSS
Exploits0References1
NVD
NVD
added 2020/11/04 3:15 p.m.28 views

CVE-2020-2304

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

6.5CVSS6.4AI score0.01478EPSS
Exploits0References2
Prion
Prion
added 2020/11/04 3:15 p.m.23 views

Xxe

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

4CVSS6.7AI score0.01478EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/04 2:35 p.m.184 views

CVE-2020-2304

CVE-2020-2304 affects Jenkins Subversion Plugin

6.5CVSS6.4AI score0.01478EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/04 12:0 a.m.3 views

PT-2020-15534 · Jenkins · Jenkins Subversion Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.13.1 and earlier Description: The issue arises from the Jenkins Subversion Plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers who can control an agent...

6.5CVSS6.3AI score0.01478EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/09/09 3:23 p.m.3 views

jenkins-subversion-plugin: XSS in project repository base url

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

5.4CVSS7AI score0.0093EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/29 2:37 p.m.5 views

jenkins-subversion-plugin: XSS in project repository base url

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

5.4CVSS7AI score0.0093EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/17 10:38 p.m.3 views

jenkins-subversion-plugin: XSS in project repository base url

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

5.4CVSS7AI score0.0093EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.6 views

PT-2020-15413 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the repository URL field form validation...

6.1CVSS5.8AI score0.06189EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2020/04/08 8:16 p.m.33 views

CVE-2018-1000111

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...

5.3CVSS5.9AI score0.00914EPSS
Exploits0References2
Rows per page
Query Builder