2569 matches found
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins Subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored cross-site scripting (XSS) vulnerability, exploitable by attackers with...
Ubuntu: Security Advisory (USN-5450-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-5450-1: Subversion vulnerabilities
Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Weißschuh discovered that Subversion servers did not properly...
USN-5450-1 subversion vulnerabilities
Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Weißschuh discovered that Subversion servers did not properly...
Critical Photon OS Security Update - PHSA-2022-0189
Updates of 'linux-aws', 'subversion', 'linux-secure', 'linux-rt', 'vim', 'linux-esx', 'linux' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2022-4.0-0189
Updates of 'linux', 'linux-aws', 'subversion', 'vim', 'linux-secure', 'linux-rt', 'linux-esx' packages of Photon OS have been released...
Ubuntu 22.04 LTS : Subversion vulnerabilities (USN-5450-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5450-1 advisory. Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially u...
Ubuntu: Security Advisory (USN-5445-1)
The remote host is missing an update for the...
USN-5445-1: Subversion vulnerabilities
Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11782) Tomas Bortoli discovered that Subversion...
USN-5445-1 subversion vulnerabilities
Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cause svnserve to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11782) Tomas Bortoli discovered that Subversion...
Ubuntu 18.04 LTS / 20.04 LTS : Subversion vulnerabilities (USN-5445-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5445-1 advisory. Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cau...
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Subversion Plugin 2.15.1 checks for...
GHSA-Q58J-FHJ7-J6FG Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Subversion Plugin 2.15.1 checks for...
XXE vulnerability in Jenkins Subversion Plugin
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...
GHSA-VP5F-8JGW-J53C XXE vulnerability in Jenkins Subversion Plugin
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control an agent process to have Jenkins parse a crafted changelog file that uses external entities for extraction of secrets from the Jenkins...
GHSA-QMF3-W5JF-CV54 XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin
Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation. This results in a reflected cross-site scripting (XSS) vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users...
XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin
Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation. This results in a reflected cross-site scripting (XSS) vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users...
Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)
Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation. This results in a reflected cross-site scripting vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users with...
GHSA-WC2G-9J98-VCGW Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)
Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation. This results in a reflected cross-site scripting vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users with...
Subversion Plugin stored XSS vulnerability
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Subversion Plugin 2.13.1 escapes the affected part of the error message...