CVE-2021-28544
MEDIUM 4.3
Description
Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
CVE details
CVSS v3.1 score: 4.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 4/12/2022
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
apache:subversion, apple:macos, debian:debian_linux, fedoraproject:fedora
Weaknesses (CWE)
CWE-200
References
http://seclists.org/fulldisclosure/2022/Jul/18 (security@apache.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/ (security@apache.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/ (security@apache.org)
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt (security@apache.org)
https://support.apple.com/kb/HT213345 (security@apache.org)
https://www.debian.org/security/2022/dsa-5119 (security@apache.org)
http://seclists.org/fulldisclosure/2022/Jul/18 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/ (af854a3a-2127-422b-91ae-364da2661108)
https://subversion.apache.org/security/CVE-2021-28544-advisory.txt (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT213345 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5119 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.