Org.jenkins-ci.plugins:subversion

This hub aggregates every CVE we track for Org.jenkins-ci.plugins:subversion, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 8 most recently published vulnerabilities affecting Org.jenkins-ci.plugins:subversion.

• CVE-2022-29048A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.4.3Apr 12, 2022
• CVE-2022-29046Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site ...5.4Apr 12, 2022
• CVE-2021-21698Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.7.5Nov 4, 2021
• CVE-2020-2304Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.6.5Nov 4, 2020
• CVE-2020-2111Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.5.4Feb 12, 2020
• CVE-2018-1000111An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with netw...5.3Mar 13, 2018
• CVE-2017-1000085Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any us...6.5Oct 4, 2017
• CVE-2013-6372The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.2.1May 8, 2014