Subversion Partial Release Manager Plugin
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-2199 | 0.02 | — | 0.22 | Jun 3, 2020 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | |||
| CVE-2024-34148 | 0.00 | — | 0.01 | May 2, 2024 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'. | |||
| CVE-2024-28159 | 0.00 | — | 0.00 | Mar 6, 2024 | A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build. | |||
| CVE-2024-28158 | 0.00 | — | 0.00 | Mar 6, 2024 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build. | |||
| CVE-2020-2152 | 0.00 | — | 0.00 | Mar 9, 2020 | Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. |
- CVE-2020-2199Jun 3, 2020risk 0.02cvss —epss 0.22
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
- CVE-2024-34148May 2, 2024risk 0.00cvss —epss 0.01
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.
- CVE-2024-28159Mar 6, 2024risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.
- CVE-2024-28158Mar 6, 2024risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.
- CVE-2020-2152Mar 9, 2020risk 0.00cvss —epss 0.00
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.