2569 matches found
CVE-2020-2199
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...
Cross site scripting
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...
CVE-2020-2199
The CVE-2020-2199 entry describes a reflected Cross-Site Scripting (XSS) vulnerability in the Jenkins Subversion Partial Release Manager Plugin (versions 1.0.1 and earlier). The issue arises because the error message for the repository URL field form validation is not properly escaped, enabling i...
CVE-2020-2199
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...
PT-2020-15413 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Partial Release Manager Plugin versions 1.0.1 and earlier Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the repository URL field form validation...
Lexiglot Code Issue Vulnerability
Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. A code issue vulnerability exists in Lexiglot 2014-11-20 and earlier versions. An attacker can exploit the vulnerability with the help of the 'svnurl' parameter to cause the server to send a forged...
Going dark: encryption and law enforcement
UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...
Fedora: Security Advisory for viewvc (FEDORA-2020-c952520959)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Privilege Escalation
subversion is vulnerable to privilege escalation. The vulnerability exists as a maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicio...
ansible: svn module leaks password when specified as a parameter
A flaw was found in Ansible Engine. When a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs...
ansible: svn module leaks password when specified as a parameter
A flaw was found in Ansible Engine. When a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2020-1513)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : subversion (EulerOS-SA-2020-1513)
According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends...
FreeBSD : ansible - subversion password leak from PID (67dbeeb6-80f4-11ea-bafd-815569f3852d)
Borja Tarraso reports : A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument 'password' of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading...
Authorization Bypass
subversion is vulnerable to authorization bypass. The vulnerability exists as through the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially...
Denial Of Service (DoS)
Subversion SVN is vulnerable to denial of service DoS. The vulnerability exists through a flaw found in the way the svnserve tool of Subversion handled remote client network connections. An attacker with read access to an SVN repository served via svnserve could use this flaw to cause the svnserv...
Denial Of Service (DoS)
subversion is vulnerable to denial of service. An infinite loop flaw was found in the way the moddavsvn module processed certain data sets. If the SVNPathAuthz directive was set to "shortcircuit", and path-based access control for files and directories was enabled, a malicious, remote user could...
Denial Of Service (DoS)
subversion is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the moddavsvn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process...
Information Disclosure
subversion is vulnerable to information disclosure. An information disclosure flaw was found in the way the moddavsvn module processed certain URLs when path-based access control for files and directories was enabled. A malicious, remote user could possibly use this flaw to access certain files i...
Denial Of Service (DoS)
subversion is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the moddavsvn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd...