107 matches found
CVE-2017-1000085
Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin...
Jenkins: insecure storage of passwords in Subversion plugin (SECURITY-58)
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
CVE-2013-6372
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
CVE-2013-6372
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
Design/Logic Flaw
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
PT-2014-3100 · Jenkins · Jenkins Subversion Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion plugin versions prior to 1.54 Description: The issue allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file, due to the storage of credentials using base64 encoding...
Jenkins < 1.545 Subversion Plugin Information Disclosure
The remote web server hosts a version of Jenkins that is affected by an information disclosure vulnerability that could allow a local attacker to obtain passwords and SSH private key passphrases related to accessing Subversion resources. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...