2569 matches found

OpenVAS
added 2022/04/14 12:0 a.m. | 20 views

Mageia: Security Advisory (MGASA-2022-0140)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.2 | EPSS 0.08757
Exploits: 1 | References: 6

OpenVAS
added 2022/04/14 12:0 a.m. | 15 views

Debian: Security Advisory (DSA-5119-1)

The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.3 | EPSS 0.08757
Exploits: 1 | References: 4

OSV
added 2022/04/13 4:6 p.m. | 7 views

MGASA-2022-0140 Updated subversion packages fix security vulnerability

SVN authz protected copyfrom paths regression (CVE-2021-28544). Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)...

CVSS 7.5 | AI score 5.7 | EPSS 0.08757
Exploits: 1 | References: 5

Mageia
added 2022/04/13 4:6 p.m. | 51 views

Updated subversion packages fix security vulnerability

SVN authz protected copyfrom paths regression (CVE-2021-28544). Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)...

CVSS 7.5 | AI score 6.4 | EPSS 0.08757
Exploits: 1 | References: 4

Veracode
added 2022/04/13 3:52 p.m. | 22 views

Information Disclosure

subversion is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to sensitive information...

CVSS 4.3 | AI score 4.1 | EPSS 0.02696
Exploits: 1 | References: 12 | Affected Software: 1

Veracode
added 2022/04/13 2:34 p.m. | 35 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. The vulnerability exists due to a use after free memory corruption...

CVSS 7.5 | AI score 3.5 | EPSS 0.08757
Exploits: 0 | References: 14 | Affected Software: 1

RedhatCVE
added 2022/04/13 9:52 a.m. | 73 views

CVE-2022-29048

A flaw was found in the Jenkins subversion plugin. The Jenkins subversion plugin allows attackers to connect to an attacker-specified URL. This flaw allows attackers to trick the user into visiting their website that contains a malicious script, allowing submission to the server on behalf of the...

CVSS 4.3 | AI score 3.4 | EPSS 0.01742
Exploits: 0 | References: 4

RedhatCVE
added 2022/04/13 9:22 a.m. | 39 views

CVE-2022-29046

A flaw was found in the Jenkins Subversion plugin. The Jenkins Subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored cross-site scripting (XSS) vulnerability, exploitable by attackers with...

CVSS 5.4 | AI score 2.1 | EPSS 0.02335
Exploits: 0 | References: 4

RedhatCVE
added 2022/04/13 5:37 a.m. | 35 views

CVE-2022-24070

A use-after-free vulnerability was found in Subversion in the mod_dav_svn Apache HTTP server (HTTPd) module. While looking up path-based authorization (authz) rules, multiple calls to the post_config hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...

CVSS 7.5 | AI score 7.5 | EPSS 0.08757
Exploits: 0 | References: 4

RedhatCVE
added 2022/04/13 5:22 a.m. | 48 views

CVE-2021-28544

A flaw was found in Subversion. When using path-based authorization (authz), the helper function detect_changed does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its 'copyfrom' path (the path to the protected location) is...

CVSS 4.3 | AI score 5.7 | EPSS 0.02696
Exploits: 1 | References: 4

Debian
added 2022/04/13 4:21 a.m. | 39 views

[SECURITY] [DSA 5119-1] subversion security update

Debian Security Advisory DSA-5119-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2022 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.7 | EPSS 0.08757
Exploits: 1

Github Security Blog
added 2022/04/13 12:0 a.m. | 35 views

Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of...

CVSS 5.4 | AI score 5.7 | EPSS 0.02335
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/04/13 12:0 a.m. | 31 views

GHSA-WPR6-QVCQ-8269 Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of...

CVSS 5.4 | AI score 5.8 | EPSS 0.02335
Exploits: 0 | References: 5

OSV
added 2022/04/13 12:0 a.m. | 24 views

GHSA-M5CW-C64P-77H6 CSRF vulnerability in Jenkins Subversion Plugin

Subversion Plugin 2.15.3 and earlier does not require POST requests for several form validation methods, resulting in cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow attackers to connect to an attacker-specified URL...

CVSS 4.3 | AI score 5.2 | EPSS 0.01742
Exploits: 0 | References: 6

Github Security Blog
added 2022/04/13 12:0 a.m. | 32 views

CSRF vulnerability in Jenkins Subversion Plugin

Subversion Plugin 2.15.3 and earlier does not require POST requests for several form validation methods, resulting in cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow attackers to connect to an attacker-specified URL...

CVSS 4.3 | AI score 6.8 | EPSS 0.01742
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2022/04/13 12:0 a.m. | 24 views

Jenkins Subversion Plugin Cross-Site Scripting Vulnerability

Jenkins is an open source application. As an open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in the Jenkins Subversion Plugin, which stems from not escaping the name and...

CVSS 5.4 | AI score 1 | EPSS 0.02335
Exploits: 0 | References: 1

CNVD
added 2022/04/13 12:0 a.m. | 26 views

Jenkins Subversion Plugin Cross-Site Request Forgery Vulnerability

Jenkins is an open source application. As an open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Subversion Plugin is vulnerable to cross-site request forgery, which can be exploited by an attacker to connect to ...

CVSS 4.3 | AI score 2.7 | EPSS 0.01742
Exploits: 0 | References: 1

NCSC
added 2022/04/13 12:0 a.m. | 3 views

Vulnerabilities fixed in Apache Subversion (SVN)

Apache has fixed vulnerabilities in Subversion (SVN). The vulnerabilities allow an unauthenticated remote malicious agent to cause a denial of service or obtain system information. -= SUSE =- SUSE has made updates available to fix the vulnerability in SUSE 15. fix in SUSE 15...

CVSS 7.5 | AI score 7 | EPSS 0.08757
Exploits: 1

OSV
added 2022/04/13 12:0 a.m. | 31 views

DSA-5119-1 subversion - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.08757
Exploits: 1

OpenVAS
added 2022/04/13 12:0 a.m. | 18 views

Ubuntu: Security Advisory (USN-5372-1)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.3 | EPSS 0.08757
Exploits: 1 | References: 2