CVE-2013-4262 — Link Following in Apache Subversion

CWE-59 — Link Following9 documents8 sources

Severity

2.4LOWNVD

EPSS

0.3%

top 50.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedJul 28

Latest updateMay 17

Description

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.

CVSS vector

AV:L/AC:H/C:N/I:P/A:PExploitability: 1.5 | Impact: 4.9

Affected Packages2 packages

▶Debianapache/subversion< 1.8.5-1+3

▶NVDapache/subversion1.8.0, 1.8.1, 1.8.2+2

🔴Vulnerability Details

GHSA

GHSA-hc4r-gj92-39g7: svnwcsub↗2022-05-17

▶

OSV

CVE-2013-4262: svnwcsub↗2014-07-28

▶

CVEList

CVE-2013-4262: svnwcsub↗2014-07-28

▶

📋Vendor Advisories

Red Hat

subversion: svnwcsub.py and irkerbridge.py are vulnerable to symlink attack↗2013-08-30

▶

Red Hat

subversion: svnwcsub.py and irkerbridge.py are vulnerable to symlink attack↗2013-08-30

▶

Debian

CVE-2013-4262: subversion - svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option an...↗2013

▶

Apache

Apache subversion: CVE-2013-4262↗

▶

💬Community

Bugzilla

CVE-2013-4262 CVE-2013-7393 subversion: svnwcsub.py and irkerbridge.py are vulnerable to symlink attack↗2013-08-22

▶