2569 matches found
CVE-2021-28544
Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...
USN-5372-1: Subversion vulnerabilities
Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Weißschuh discovered that Subversion servers did not properly...
SUSE-SU-2022:1162-1 Security update for subversion
This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where...
SUSE-SU-2022:1161-1 Security update for subversion
This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where...
PT-2022-19386 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier. Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the Jenkins Subversion Plugin does not escape the name and description of List Subversion tags...
Jenkins Cross-Site Scripting Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in the Jenkins Subversion Plugin, which stems from not escaping the name and...
PT-2022-19388 · Jenkins +1 · Jenkins Subversion Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL. This issue arises because the Subversion Plugin does not require POST...
Apache Subversion Resource Management Error Vulnerability
Apache Subversion is an open source version control system from the Apache Foundation. Apache Subversion is vulnerable to a resource management error that originates from a use-after-free error in mod_dav_svn. A remote attacker could use this vulnerability to send a specially crafted HTTP reque...
Jenkins Cross-Site Request Forgery Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. The Jenkins Subversion Plugin is vulnerable to cross-site request forgery, which can be exploited by an attacker to connect to ...
Ubuntu 20.04 LTS : Subversion vulnerabilities (USN-5372-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5372-1 advisory. Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially u...
Subversion -- Multiple vulnerabilities in server code
Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...
Apache Subversion Information Disclosure Vulnerability
Apache Subversion is an open source version control system from the Apache Foundation. The system is compatible with the Concurrent Versioning System (CVS). An information disclosure vulnerability exists in Apache Subversion, which stems from a server exposing a "copyfrom" path that should be...
CVE-2020-17525 affecting package subversion for versions less than 1.14.0-4
CVE-2020-17525 affecting package subversion for versions less than 1.14.0-4. A patched version of the package is available...
FreeBSD-SA-22:08.zlib
FreeBSD-SA-22:08.zlib Security Advisory, The FreeBSD Project. Topic: zlib compression out-of-bounds write; Category: zlib; Module: contrib; Announced: 2022-04-06; Credits: Danil...
FreeBSD-SA-22:06.ioctl
FreeBSD-SA-22:06.ioctl Security Advisory, The FreeBSD Project. Topic: mpr/mps/mpt driver ioctl heap out-of-bounds write; Category: core; Module: mpr, mps, mpt; Announced:...
RHEL 7 / 8 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
A flaw was found in the Jenkins Subversion plugin. The Jenkins Subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored cross-site scripting (XSS) vulnerability, exploitable by attackers with...
Ubuntu 16.04 ESM : Subversion vulnerability (USN-5322-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5322-1 advisory. Thomas Akesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Tenable has...
USN-5322-1 subversion vulnerability
Thomas Akesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...
USN-5322-1: Subversion vulnerability
Thomas Akesson discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...