12 matches found
CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...
CVE-2024-34148
CVE-2024-34148 affects Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier, which programmatically disables the CVE-2016-3721 fix by setting the Java system property hudson.model.ParametersAction.keepUndefinedParameters on release-tag builds. The GitHub advisory states there is no...
CVE-2024-34148
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'...
Jenkins plugins Multiple Vulnerabilities (2024-05-02)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High Script Security Plugin provides a sandbox feature that allows low-privileged users to define scripts, including Pipelines, that are...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
CVE-2024-28159
CVE-2024-28159 affects Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier. The issue is a missing permission check in the plugin, allowing attackers with Item/Read permission to trigger a build via an HTTP endpoint. This is the core risk described across multiple sources (NVD/Red...
CVE-2024-28158
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build...
CVE-2024-28158
CVE-2024-28158 concerns a cross-site request forgery (CSRF) in the Jenkins Subversion Partial Release Manager Plugin (versions 1.0.1 and earlier). The issue, as described in the source documents, lets an attacker trigger a build by convincing an authenticated user to perform an action, due to CSR...
CVE-2020-2152
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...
CVE-2020-2152
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...
CVE-2020-2152
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...
CVE-2020-2152
CVE-2020-2152 affects Jenkins Subversion Release Manager Plugin 1.2 and earlier. A reflected cross-site scripting vulnerability arises because the error message shown for the Repository URL field validation is not escaped, enabling injection via crafted input. The root cause is lack of proper esc...