Jenkins Project Jenkins Subversion Partial Release Manager Plugin vulnerabilities
5 known vulnerabilities affecting jenkins_project/jenkins_subversion_partial_release_manager_plugin.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 5
Vulnerabilities
CVE-2024-34148 | MEDIUM | CVSS 4.3 | ≤ 1.0.1 | 2024-05-02
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.
cvelistv5
CVE-2024-28158 | MEDIUM | CWE-352 | CVSS 4.3 | ≤ 1.0.1 | 2024-03-06
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.
cvelistv5, nvd
CVE-2024-28159 | MEDIUM | CWE-862 | CVSS 4.3 | ≤ 1.0.1 | 2024-03-06
A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.
cvelistv5, nvd
CVE-2020-2199 | MEDIUM | CWE-79 | CVSS 6.1 | ≥ unspecified, ≤ 1.0.1 | 2020-06-03
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
cvelistv5, nvd
CVE-2016-3721 | MEDIUM | CWE-17 | CVSS 4.3 | ≤ 1.0.1 | 2016-05-17
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
nvd