3 matches found
CVE-2017-1000085
Subversion Plugin connects to a user-specified Subversion repository as part of form validation e.g. to retrieve a list of tags. This functionality improperly checked permissions, allowing any user with Item/Build permission but not Item/Configure to connect to any web server or Subversion server...
CVE-2017-1000085
CVE-2017-1000085 affects the Jenkins Subversion Plugin. The vulnerability arises when the Subversion plugin connects to a user-specified repository during form validation, bypassing Item/Configure permissions and allowing users with Item/Build permission (but not Item/Configure) to have the plugi...
CVE-2017-1000085
Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...