cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34148,https://securityvulnerability.io/vulnerability/CVE-2024-34148,Jenkins Plugin Disables Security Fix for CVE-2016-3721,"Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.",Jenkins,Jenkins Subversion Partial Release Manager Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-02T13:28:05.952Z,0
CVE-2024-28159,https://securityvulnerability.io/vulnerability/CVE-2024-28159,Attackers Can Trigger Builds with Item/Read Permission,A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.,Jenkins,Jenkins Subversion Partial Release Manager Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-06T17:02:00.731Z,0
CVE-2024-28158,https://securityvulnerability.io/vulnerability/CVE-2024-28158,CSRF Vulnerability in Jenkins Subversion Partial Release Manager Plugin,A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.,Jenkins,Jenkins Subversion Partial Release Manager Plugin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-06T17:01:59.995Z,0
CVE-2022-29048,https://securityvulnerability.io/vulnerability/CVE-2022-29048,Cross-Site Request Forgery in Jenkins Subversion Plugin by Jenkins,"A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Subversion Plugin version 2.15.3 and earlier. This flaw permits attackers to manipulate authentication tokens, allowing them to send unauthorized requests to connect to attacker-specified URLs. If exploited, this vulnerability could lead to compromised server configurations and unauthorized access to resources that rely on user authentication.",Jenkins,Jenkins Subversion Plugin,4.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-04-12T19:50:48.000Z,0
CVE-2022-29046,https://securityvulnerability.io/vulnerability/CVE-2022-29046,Stored Cross-Site Scripting in Jenkins Subversion Plugin by CloudBees,"The Jenkins Subversion Plugin versions up to 2.15.3 is susceptible to a stored cross-site scripting vulnerability due to inadequate escaping of the name and description fields for List Subversion tags. This weakness allows users with Item/Configure permissions to inject malicious scripts that can be executed in the context of other users accessing the view, potentially leading to unauthorized actions and data exfiltration.",Jenkins,Jenkins Subversion Plugin,5.4,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-04-12T19:50:44.000Z,0
CVE-2021-21698,https://securityvulnerability.io/vulnerability/CVE-2021-21698,File Name Restriction Flaw in Jenkins Subversion Plugin by Jenkins,"The Jenkins Subversion Plugin allows for unrestricted file name retrieval when looking up a subversion key file on the controller from an agent. This vulnerability could potentially allow for unauthorized file access, exposing sensitive information and compromising the security of the Jenkins environment.",Jenkins,Jenkins Subversion Plugin,7.5,HIGH,0.002420000033453107,false,,false,false,false,,,false,false,,2021-11-04T16:30:44.000Z,0
CVE-2020-2304,https://securityvulnerability.io/vulnerability/CVE-2020-2304,,Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.,Jenkins,Jenkins Subversion Plugin,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2020-11-04T14:35:38.000Z,0
CVE-2020-2199,https://securityvulnerability.io/vulnerability/CVE-2020-2199,,"Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.",Jenkins,Jenkins Subversion Partial Release Manager Plugin,6.1,MEDIUM,0.0015399999683722854,false,,false,false,false,,,false,false,,2020-06-03T12:40:26.000Z,0
CVE-2020-2152,https://securityvulnerability.io/vulnerability/CVE-2020-2152,,"Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.",Jenkins,Jenkins Subversion Release Manager Plugin,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-03-09T15:01:03.000Z,0
CVE-2020-2111,https://securityvulnerability.io/vulnerability/CVE-2020-2111,,"Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.",Jenkins,Jenkins Subversion Plugin,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-02-12T14:35:41.000Z,0