107 matches found
CVE-2020-2111
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...
CloudBees Jenkins Subversion Release Manager Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . Subversion Release Manager Plugin is used ...
CloudBees Jenkins Subversion Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Subversion Plugin is a U.S. CloudBees company based on Java development of continuous integration tools in the version control system plugin . A cross-site scripting vulnerability exists in version 2.13.0 and earlier of the Subversion Plugin in CloudBees Jenkins. The vulnerabili...
CVE-2020-2111
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2111
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2111
CVE-2020-2111 affects the Jenkins Subversion Plugin (versions ≤ 2.13.0). The vulnerability is a stored cross-site scripting (XSS) in the Project Repository Base URL field validation due to improper escaping of error messages. The issue is fixed in Jenkins Subversion Plugin 2.13.1, which escapes t...
PT-2020-15318 · Jenkins · Jenkins Subversion Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.13.0 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the error message for the Project Repository Base URL field form validation is not...
CloudBees Jenkins Subversion Plugin Information Disclosure Vulnerability
CloudBees Jenkins Subversion Plugin is a U.S. CloudBees company based on Java development of continuous integration tools in the version control system plugin . A security vulnerability exists in the SubversionStatus.java and SubversionRepositoryStatus.java files in CloudBees Jenkins Subversion...
Information Disclosure Through Authorization Bypass
Jenkins Subversion Plugin is vulnerable to information disclosure through authorization bypass. The vulnerability allows users without Overall/Read permission to submit search queries to retrieve a list of user names and node names...
Authorization
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000111
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000111
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000111
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...
CVE-2018-1000111
CVE-2018-1000111 affects the Jenkins Subversion Plugin (versions 2.10.2 and earlier). The root cause is improper authorization in SubversionStatus.java and SubversionRepositoryStatus.java, enabling an attacker with network access to obtain a list of nodes and users. The vulnerability enables info...
CVE-2017-1000085
Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...
Cross site request forgery (csrf)
Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...
CVE-2017-1000085
CVE-2017-1000085 affects the Jenkins Subversion Plugin. The vulnerability arises when the Subversion plugin connects to a user-specified repository during form validation, bypassing Item/Configure permissions and allowing users with Item/Build permission (but not Item/Configure) to have the plugi...
CVE-2017-1000085
Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...
jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)
Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...
CloudBees Jenkins Subversion Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Subversion Plugin is a U.S. CloudBees company based on Java development of continuous integration tools in the version control system plugin . A cross-site request forgery vulnerability exists in CloudBees Jenkins Subversion Plugin version 2.8 and earlier. A remote attacker can...