Description
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
References (5)
Core References
http://www.securityfocus.com/bid/11243 (Patch, Vendor Advisory; vdb-entry; x_refsource_bid)
http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt (Patch, Vendor Advisory; x_refsource_confirm)
http://fedoranews.org/updates/FEDORA-2004-318.shtml (Mailing List; vendor-advisory; x_refsource_fedora)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17472 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml (Patch, Vendor Advisory; vendor-advisory; x_refsource_gentoo)
Scores
EPSS: 0.0062
EPSS Percentile: 70.2%
Details
Status: published
Products (16)
gentoo/linux 0.5
gentoo/linux 0.7
gentoo/linux 1.1a
gentoo/linux 1.2
gentoo/linux 1.4 (4 CPE variants)
subversion/subversion 1.0
subversion/subversion 1.0.1
subversion/subversion 1.0.2
subversion/subversion 1.0.3
subversion/subversion 1.0.4
... and 6 more
Published: Dec 23, 2004
Tracked Since: Feb 18, 2026