CVE-2012-3357

The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/83227
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
http://www.debian.org/security/2012/dsa-2563
http://www.mandriva.com/security/advisories?name=MDVSA-2013:134
http://www.openwall.com/lists/oss-security/2012/06/25/8
http://www.securityfocus.com/bid/54199
https://exchange.xforce.ibmcloud.com/vulnerabilities/76615
https://lwn.net/Articles/505096/
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:viewvc:viewvc::::::::
	cpe:2.3:a:viewvc:viewvc:0.8:::::::*
	cpe:2.3:a:viewvc:viewvc:0.9:::::::*
	cpe:2.3:a:viewvc:viewvc:0.9.1:::::::*
	cpe:2.3:a:viewvc:viewvc:0.9.2:::::::*
	cpe:2.3:a:viewvc:viewvc:0.9.3:::::::*
	cpe:2.3:a:viewvc:viewvc:0.9.4:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.0:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.1:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.2:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.3:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.4:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.5:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.6:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.7:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.8:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.9:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.10:::::::*
	cpe:2.3:a:viewvc:viewvc:1.0.11:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.0:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.1:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.2:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.3:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.4:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.5:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.6:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.7:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.8:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.9:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.10:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.11:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.12:::::::*
	cpe:2.3:a:viewvc:viewvc:1.1.13:::::::*

History

No history.

Information

Published : 2012-07-22 16:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-3357

Mitre link : CVE-2012-3357

CVE.ORG link : CVE-2012-3357

JSON object : View

Products Affected

viewvc

viewvc

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.0 /10