CVE-2007-2448

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Configurations

Configuration 1 (hide)

cpe:2.3:a:subversion:subversion:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:30

Type Values Removed Values Added
References () http://osvdb.org/36070 - () http://osvdb.org/36070 -
References () http://secunia.com/advisories/43139 - () http://secunia.com/advisories/43139 -
References () http://securitytracker.com/id?1018237 - Patch () http://securitytracker.com/id?1018237 - Patch
References () http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt - () http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt -
References () http://www.securityfocus.com/bid/24463 - Patch () http://www.securityfocus.com/bid/24463 - Patch
References () http://www.ubuntu.com/usn/USN-1053-1 - () http://www.ubuntu.com/usn/USN-1053-1 -
References () http://www.vupen.com/english/advisories/2007/2230 - () http://www.vupen.com/english/advisories/2007/2230 -
References () http://www.vupen.com/english/advisories/2011/0264 - () http://www.vupen.com/english/advisories/2011/0264 -
References () https://issues.rpath.com/browse/RPL-1896 - () https://issues.rpath.com/browse/RPL-1896 -

Information

Published : 2007-06-14 23:30

Updated : 2024-11-21 00:30


NVD link : CVE-2007-2448

Mitre link : CVE-2007-2448

CVE.ORG link : CVE-2007-2448


JSON object : View

Products Affected

subversion

  • subversion