ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2010-01-29 18:30
Updated : 2023-11-07 02:04
NVD link : CVE-2010-0004
Mitre link : CVE-2010-0004
CVE.ORG link : CVE-2010-0004
JSON object : View
Products Affected
viewvc
- viewvc
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor