oss-sec mailing list archives
CVE request: WebSVN
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 18 Jan 2009 22:00:03 +0100
WebSVN 2.0 does not properly implement access control checks, allowing authenticated users to access files with known paths. (This is fixed in version 2.1. I think this feature was only included in the 1.7 betas, and no released 1.x version before that. Relevant fixes are probably in r635, r636, r649.)
Current thread:
- CVE request: WebSVN Florian Weimer (Jan 18)
- Re: CVE request: WebSVN Steven M. Christey (Jan 20)