Subversion Jenkins Subversion

Do you want an email whenever new security vulnerabilities are reported in Jenkins Subversion?

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Subversion . Subversion did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 2 4.85
2021 1 7.50
2020 2 5.95
2019 0 0.00
2018 1 5.30

It may take a day or so for new Subversion vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Subversion Security Vulnerabilities

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier

CVE-2022-29048 4.3 - Medium - April 12, 2022

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.

Session Riding

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters

CVE-2022-29046 5.4 - Medium - April 12, 2022

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XSS

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller

CVE-2021-21698 7.5 - High - November 04, 2021

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.

Directory traversal

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2020-2304 6.5 - Medium - November 04, 2020

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation

CVE-2020-2111 5.4 - Medium - February 12, 2020

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.

XSS

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java

CVE-2018-1000111 5.3 - Medium - March 13, 2018

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Subversion or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

subscribe