Fedora: Security Advisory for subversion (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: subversion-1.14.3-5.fc40

Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...

GHSA-MR9J-QQJH-67F2 Jenkins Subversion Partial Release Manager Plugin missing permission check

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

Jenkins Subversion Partial Release Manager Plugin missing permission check

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

GHSA-RV35-69FF-G9GV Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

CVE-2024-28159

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

CVE-2024-28158

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

CVE-2024-28159

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

Information disclosure

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

CVE-2024-28159

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

CVE-2024-28159

CVE-2024-28159 affects Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier. The issue is a missing permission check in the plugin, allowing attackers with Item/Read permission to trigger a build via an HTTP endpoint. This is the core risk described across multiple sources (NVD/Red...

CVE-2024-28159

A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build...

CVE-2024-28158

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

CVE-2024-28158

A cross-site request forgery CSRF vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...

CVE-2024-28158

CVE-2024-28158 concerns a cross-site request forgery (CSRF) in the Jenkins Subversion Partial Release Manager Plugin (versions 1.0.1 and earlier). The issue, as described in the source documents, lets an attacker trigger a build by convincing an authenticated user to perform an action, due to CSR...

BIT-SUBVERSION-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

BIT-SUBVERSION-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

BIT-SUBVERSION-2022-24070 Apache Subversion mod_dav_svn is vulnerable to memory corruption

Subversion's moddavsvn is vulnerable to memory corruption. While looking up path-based authorization rules, moddavsvn servers may attempt to use memory which has already been freed. Affected Subversion moddavsvn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use moddavsvn are not...