Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2022/Jul/18 | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/ | Mailing List Third Party Advisory |
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt | Exploit Patch Vendor Advisory |
https://support.apple.com/kb/HT213345 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5119 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2022-04-12 18:15
Updated : 2024-02-28 19:09
NVD link : CVE-2021-28544
Mitre link : CVE-2021-28544
CVE.ORG link : CVE-2021-28544
JSON object : View
Products Affected
apple
- macos
fedoraproject
- fedora
debian
- debian_linux
apache
- subversion
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor