CVE-2004-0749

5 documents5 sources

Severity

5.0MEDIUM

EPSS

0.6%

top 30.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gentoo Linux Subversion Subversion

Timeline

PublishedDec 23

Latest updateApr 29

Description

The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debiansubversion< 1.0.9-2+3

▶NVDsubversion/subversion11 versions+10

▶NVDgentoo/linux5 versions+4

Patches

Patch: subversion.tigris.org ↗Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vw75-9wrr-mqqr: The mod_authz_svn module in Subversion 1↗2022-04-29

▶

OSV

CVE-2004-0749: The mod_authz_svn module in Subversion 1↗2004-12-23

▶

CVEList

CVE-2004-0749: The mod_authz_svn module in Subversion 1↗2004-11-19

▶

📋Vendor Advisories

Debian

CVE-2004-0749: subversion - The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restr...↗2004

▶