CVE-2022-29048: CSRF
First published: Tue Apr 12 2022(Updated: )
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
Credit: Evgeny Kotkov visualsvn.com Evgeny Kotkov visualsvn.com Evgeny Kotkov visualsvn.com Evgeny Kotkov visualsvn.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Subversion | <=2.15.3 | |
| Apple macOS | >=12.0<12.5 | |
| maven/org.jenkins-ci.plugins:subversion | <2.15.4 | 2.15.4 |
| <12.5 | 12.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213345 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2022-29048
- https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2075
- https://support.apple.com/kb/HT213345
- http://seclists.org/fulldisclosure/2022/Jul/18
- https://github.com/jenkinsci/subversion-plugin/commit/882a7d359f6ac73c53d787bff4d62eba837001ea
- https://github.com/advisories/GHSA-m5cw-c64p-77h6 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-42858
- CVE-2022-32832
- CVE-2022-32788
- CVE-2022-32880
- CVE-2022-32826
- CVE-2022-42805
- CVE-2022-32948
- CVE-2022-32810
- CVE-2022-32840
- CVE-2022-32845
- CVE-2022-48578
- CVE-2022-32797
- CVE-2022-32851
- CVE-2022-32852
- CVE-2022-32853
- CVE-2022-32831
- CVE-2022-32910
- CVE-2022-32820
- CVE-2022-32825
- CVE-2022-32789
- CVE-2022-32805
- CVE-2022-32828
- CVE-2022-32839
- CVE-2022-32819
- CVE-2022-32793
- CVE-2022-32821
- CVE-2022-32849
- CVE-2022-32787
- CVE-2022-32897
- CVE-2022-32802
- CVE-2022-32841
- CVE-2022-32785
- CVE-2022-32811
- CVE-2022-32812
- CVE-2022-48503
- CVE-2022-32813
- CVE-2022-32815
- CVE-2022-32817
- CVE-2022-32829
- CVE-2022-26981
- CVE-2022-32823
- CVE-2022-32814
- CVE-2022-32786
- CVE-2022-32800
- CVE-2022-32838
- CVE-2022-32843
- CVE-2022-46708
- CVE-2022-32796
- CVE-2022-32842
- CVE-2022-32798
- CVE-2022-32799
- CVE-2022-32818
- CVE-2022-32857
- CVE-2022-32807
- CVE-2022-32801
- CVE-2021-28544
- CVE-2022-24070
- CVE-2022-29046
- CVE-2022-29048
- CVE-2022-32834
- CVE-2022-32933
- CVE-2022-32885
- CVE-2022-32861
- CVE-2022-32863
- CVE-2022-32816
- CVE-2022-32792
- CVE-2022-2294
- CVE-2022-32860
- CVE-2022-32837
- CVE-2022-32847
- CVE-2022-32848
Frequently Asked Questions
What is CVE-2022-29048?
CVE-2022-29048 is a vulnerability in the subversion software that has been addressed by updating subversion.
Which software versions are affected by CVE-2022-29048?
The vulnerability CVE-2022-29048 affects macOS Monterey version up to and excluding 12.5.
How can I fix CVE-2022-29048?
To fix CVE-2022-29048, update your macOS Monterey software to version 12.5 or newer.
What is the severity of CVE-2022-29048?
The severity of CVE-2022-29048 is not specified in the provided information.
Where can I find more information about CVE-2022-29048?
You can find more information about CVE-2022-29048 on the Apple support website: https://support.apple.com/en-us/HT213345
- collector/github-advisory-latest
- alias/GHSA-m5cw-c64p-77h6
- alias/CVE-2022-29048
- collector/github-advisory
- collector/nvd-cve
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- collector/apple-support
- source/Apple
- alias/CVE-2022-24070
- alias/CVE-2022-29046
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- package-manager/maven
- vendor/jenkins
- canonical/jenkins subversion
- version/jenkins subversion/2.15.3
- vendor/apple
- canonical/apple macos
- version/apple macos/12.0
- canonical/apple macos monterey