CPE Details
Jenkins Subversion 2.10.2 for Jenkins
2.10.2
2019-04-25
12h08 +00:00
12h08 +00:00
2019-04-25
12h08 +00:00
12h08 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:jenkins:subversion:2.10.2:*:*:*:*:jenkins:*:*
Informations
Vendor
jenkinsProduct
subversionVersion
2.10.2Target Software
jenkinsRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. | 4.3 |
Medium |
||
| Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
Medium |
||
| Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | 7.5 |
High |
||
| Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
Medium |
||
| Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 |
Medium |
||
| An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. | 5.3 |
Medium |
2025©
tesweb SA
