CVE-2013-7393
published 2014-07-28CVE-2013-7393: The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py…
low2.4CVSS 3.1
AVLACHAuSCNIPAP
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | — | — |
| apache | subversion | >= 0 < 1.8.5-1 | 1.8.5-1 |
| apache | subversion | >= 0 < 1.8.5-1 | 1.8.5-1 |
| apache | subversion | >= 0 < 1.8.5-1 | 1.8.5-1 |
| apache | subversion | >= 0 < 1.8.5-1 | 1.8.5-1 |
| debian | subversion | < subversion 1.8.5-1 (bookworm) | subversion 1.8.5-1 (bookworm) |
CVSS provenance
nvd2.4LOWAV:L/AC:H/Au:S/C:N/I:P/A:P
osv2.4LOW