Subversion Security Vulnerabilities

CVE-2019-0203

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

7.5 CVSS

7.3 AI Score

0.001 EPSS

2019-09-26 04:15 PM

CVE-2020-17525

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod...

7.5 CVSS

7.4 AI Score

0.007 EPSS

2021-03-17 10:15 AM

CVE-2020-2111

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.

5.4 CVSS

5.3 AI Score

0.001 EPSS

2020-02-12 03:15 PM

CVE-2020-2304

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2020-11-04 03:15 PM

CVE-2021-21698

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.

7.5 CVSS

8.3 AI Score

0.003 EPSS

2021-11-04 05:15 PM

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

4.3 CVSS

5.5 AI Score

0.003 EPSS

2022-04-12 06:15 PM

CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn ar...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2022-04-12 06:15 PM

CVE-2022-29046

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-04-12 08:15 PM

CVE-2022-29048

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.

4.3 CVSS

4.7 AI Score

0.001 EPSS

2022-04-12 08:15 PM
Total number of security vulnerabilities: 59