ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
References
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2008-03-24 17:44
Updated : 2024-02-04 17:33
NVD link : CVE-2008-1291
Mitre link : CVE-2008-1291
CVE.ORG link : CVE-2008-1291
JSON object : View
Products Affected
gentoo
- linux
viewvc
- viewvc
redhat
- fedora
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor