Search for packages
| purl | pkg:maven/org.jenkins-ci.plugins/subversion@2.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9s6y-pk9b-5uef | Cross-Site Request Forgery (CSRF) Subversion Plugin connects to a user-specified Subversion repository as part of form validation. This functionality improperly checked permissions, allowing any user with `Item/Build` permission (but not `Item/Configure`) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks. |
CVE-2017-1000085
GHSA-hrwc-pqfm-g6qf |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:31:06.952885+00:00 | GHSA Importer | Fixing | VCID-9s6y-pk9b-5uef | https://github.com/advisories/GHSA-hrwc-pqfm-g6qf | 38.1.0 |
| 2026-04-01T13:10:14.012475+00:00 | GithubOSV Importer | Fixing | VCID-9s6y-pk9b-5uef | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hrwc-pqfm-g6qf/GHSA-hrwc-pqfm-g6qf.json | 38.0.0 |
| 2026-04-01T12:47:23.309682+00:00 | GitLab Importer | Fixing | VCID-9s6y-pk9b-5uef | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/subversion/CVE-2017-1000085.yml | 38.0.0 |