Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.plugins/subversion@2.15.3
purl pkg:maven/org.jenkins-ci.plugins/subversion@2.15.3
Next non-vulnerable version 2.15.4
Latest non-vulnerable version 2.15.4
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-2ftm-axhf-gbbd
Aliases:
CVE-2022-29046
GHSA-wpr6-qvcq-8269
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
2.15.4
Affected by 0 other vulnerabilities.
VCID-2jz6-zhnd-9ffy
Aliases:
CVE-2022-29048
GHSA-m5cw-c64p-77h6
Cross-Site Request Forgery (CSRF) A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
2.15.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:49:49.162174+00:00 GitLab Importer Affected by VCID-2ftm-axhf-gbbd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/subversion/CVE-2022-29046.yml 38.0.0
2026-04-01T12:49:49.144757+00:00 GitLab Importer Affected by VCID-2jz6-zhnd-9ffy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/subversion/CVE-2022-29048.yml 38.0.0