CVE-2008-1292
ViewVC - Exposure of Sensitive Information via Revision Metadata
Title source: llmDescription
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-29.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29460
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29176
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471380
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0734/references
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28055
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=212288
Various Sources x_refsource_confirm
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
Scores
EPSS
0.0137
EPSS Percentile
68.7%
Details
CWE
CWE-200
Status
published
Products (2)
viewvc/viewvc
1.0.2
viewvc/viewvc
1.0.3
Published
Mar 24, 2008
Tracked Since
Feb 18, 2026