GHSA-X3PR-FCGM-WJGC Subversion Plugin stored XSS vulnerability

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Subversion Plugin 2.13.1 escapes the affected part of the error message...

subversion: Subversion's mod_dav_svn is vulnerable to memory corruption

A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...

Important: Red Hat Security Advisory: subversion:1.14 security update

An update for the subversion:1.14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

RHEL 8 : subversion:1.14 (RHSA-2022:4722)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4722 advisory. Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of fil...

subversion:1.10 security update

subversion 1.10.2-5 - add security fix for CVE-2022-24070...

AlmaLinux 8 : subversion:1.10 (ALSA-2022:2234)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2234 advisory. subversion: Subversion's moddavsvn is vulnerable to memory corruption CVE-2022-24070 Tenable has extracted the preceding description block directly from the...

Oracle Linux 8 : subversion:1.10 (ELSA-2022-2234)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-2234 advisory. subversion 1.10.2-5 - add security fix for CVE-2022-24070 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

RHEL 8 : OpenShift Container Platform 4.9.33 (RHSA-2022:2205)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:2205 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

subversion: Stored XSS vulnerabilities in Jenkins subversion plugin

A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting XSS vulnerability, exploitable by attackers with...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.33 packages and security update

Red Hat OpenShift Container Platform release 4.9.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...

Important: Red Hat Security Advisory: subversion security update

An update for subversion is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

subversion: Subversion's mod_dav_svn is vulnerable to memory corruption

A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...

RLSA-2022:4591 Important: subversion security update

Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fixes: subversion: Subversion's moddavsvn is vulnerable to memory corruption...

subversion security update

An update is available for subversion. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Subversion SVN is a concurrent version control system which enables one or...

Jenkins Subversion Plugin Stores Credentials with Base64 Encoding

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

GHSA-C4FR-GX5W-8QF2 Jenkins Subversion Plugin Stores Credentials with Base64 Encoding

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...

GHSA-HRWC-PQFM-G6QF Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability

Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability

Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...

openSUSE: Security Advisory for subversion (SUSE-SU-2022:1162-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.10 / 2.332.2.6 Multiple Vulnerabilities (CloudBees Security Advisory 2022-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.10, or 2.x prior to 2.332.2.6. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Pipeline: Shared Groovy Libraries Plugin...