Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
References
Configurations
History
21 Nov 2024, 00:30
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/36070 - | |
References | () http://secunia.com/advisories/43139 - | |
References | () http://securitytracker.com/id?1018237 - Patch | |
References | () http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt - | |
References | () http://www.securityfocus.com/bid/24463 - Patch | |
References | () http://www.ubuntu.com/usn/USN-1053-1 - | |
References | () http://www.vupen.com/english/advisories/2007/2230 - | |
References | () http://www.vupen.com/english/advisories/2011/0264 - | |
References | () https://issues.rpath.com/browse/RPL-1896 - |
Information
Published : 2007-06-14 23:30
Updated : 2024-11-21 00:30
NVD link : CVE-2007-2448
Mitre link : CVE-2007-2448
CVE.ORG link : CVE-2007-2448
JSON object : View
Products Affected
subversion
- subversion
CWE