jenkins subversion の CVE(7 件)

CVE 件数: 7 CPE versions: View versions table

概要

本ページは jenkins subversion に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 17 / 7 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2022-29048 A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. [email protected] 4.3 1.80% 2022-04-12 2026-06-17
CVE-2022-29046 Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. [email protected] 5.4 2.35% 2022-04-12 2026-06-17
CVE-2021-21698 Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. [email protected] 7.5 2.07% 2021-11-04 2026-06-16
CVE-2020-2304 Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. [email protected] 6.5 1.47% 2020-11-04 2026-06-16
CVE-2020-2111 Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. [email protected] 5.4 0.92% 2020-02-12 2026-06-16
CVE-2018-1000111 An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. [email protected] 5.3 0.91% 2018-03-13 2026-06-16
CVE-2017-1000085 Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without dire [email protected] 6.5 1.03% 2017-10-04 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence