Lucene search
K

107 matches found

RedhatCVE
RedhatCVE
added 2020/03/31 8:48 a.m.23 views

CVE-2020-2111

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

5.4CVSS1.3AI score0.0093EPSS
Exploits0References4
CNVD
CNVD
added 2020/03/20 12:0 a.m.2 views

CloudBees Jenkins Subversion Release Manager Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . Subversion Release Manager Plugin is used ...

6.1CVSS6.3AI score0.0124EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/13 12:0 a.m.2 views

CloudBees Jenkins Subversion Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Subversion Plugin is a U.S. CloudBees company based on Java development of continuous integration tools in the version control system plugin . A cross-site scripting vulnerability exists in version 2.13.0 and earlier of the Subversion Plugin in CloudBees Jenkins. The vulnerabili...

5.4CVSS7.2AI score0.0093EPSS
Exploits0References1
NVD
NVD
added 2020/02/12 3:15 p.m.24 views

CVE-2020-2111

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

5.4CVSS6.6AI score0.0093EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/12 2:35 p.m.23 views

CVE-2020-2111

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability...

6.2AI score0.0093EPSS
Exploits0References2
CVE
CVE
added 2020/02/12 2:35 p.m.129 views

CVE-2020-2111

CVE-2020-2111 affects the Jenkins Subversion Plugin (versions ≤ 2.13.0). The vulnerability is a stored cross-site scripting (XSS) in the Project Repository Base URL field validation due to improper escaping of error messages. The issue is fixed in Jenkins Subversion Plugin 2.13.1, which escapes t...

5.4CVSS5.3AI score0.0093EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.3 views

PT-2020-15318 · Jenkins · Jenkins Subversion Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.13.0 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the error message for the Project Repository Base URL field form validation is not...

5.4CVSS6.1AI score0.0093EPSS
Exploits0References7
CNVD
CNVD
added 2018/03/27 12:0 a.m.13 views

CloudBees Jenkins Subversion Plugin Information Disclosure Vulnerability

CloudBees Jenkins Subversion Plugin is a U.S. CloudBees company based on Java development of continuous integration tools in the version control system plugin . A security vulnerability exists in the SubversionStatus.java and SubversionRepositoryStatus.java files in CloudBees Jenkins Subversion...

5.3CVSS6.7AI score0.00914EPSS
Exploits0References1
Veracode
Veracode
added 2018/03/14 1:25 a.m.22 views

Information Disclosure Through Authorization Bypass

Jenkins Subversion Plugin is vulnerable to information disclosure through authorization bypass. The vulnerability allows users without Overall/Read permission to submit search queries to retrieve a list of user names and node names...

5.3CVSS5AI score0.00914EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/03/13 1:29 p.m.20 views

Authorization

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...

5CVSS5.2AI score0.00914EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/03/13 1:29 p.m.18 views

CVE-2018-1000111

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...

5.3CVSS5.4AI score
Exploits0References1
NVD
NVD
added 2018/03/13 1:29 p.m.35 views

CVE-2018-1000111

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...

5.3CVSS5.1AI score0.00914EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/13 1:0 p.m.38 views

CVE-2018-1000111

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users...

5.4AI score0.00914EPSS
Exploits0References1
CVE
CVE
added 2018/03/13 1:0 p.m.82 views

CVE-2018-1000111

CVE-2018-1000111 affects the Jenkins Subversion Plugin (versions 2.10.2 and earlier). The root cause is improper authorization in SubversionStatus.java and SubversionRepositoryStatus.java, enabling an attacker with network access to obtain a list of nodes and users. The vulnerability enables info...

5.3CVSS5AI score0.00914EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/10/05 1:29 a.m.17 views

CVE-2017-1000085

Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

6.5CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2017/10/05 1:29 a.m.19 views

Cross site request forgery (csrf)

Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

4.3CVSS6.5AI score0.01031EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/10/04 1:0 a.m.90 views

CVE-2017-1000085

CVE-2017-1000085 affects the Jenkins Subversion Plugin. The vulnerability arises when the Subversion plugin connects to a user-specified repository during form validation, bypassing Item/Configure permissions and allowing users with Item/Build permission (but not Item/Configure) to have the plugi...

6.5CVSS6.4AI score0.01031EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/10/04 1:0 a.m.41 views

CVE-2017-1000085

Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

6.7AI score0.01031EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/09/08 3:14 a.m.5 views

jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)

Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...

6.5CVSS6.5AI score0.01031EPSS
Exploits0References5
CNVD
CNVD
added 2017/07/24 12:0 a.m.4 views

CloudBees Jenkins Subversion Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Subversion Plugin is a U.S. CloudBees company based on Java development of continuous integration tools in the version control system plugin . A cross-site request forgery vulnerability exists in CloudBees Jenkins Subversion Plugin version 2.8 and earlier. A remote attacker can...

6.5CVSS7AI score0.01031EPSS
Exploits0References1
Rows per page
Query Builder