FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

websvn -- information disclosure

Affected packages
websvn < 2.3.3_1

Details

VuXML ID f69e1f09-e39b-11e5-9f77-5453ed2e2b49
Discovery 2015-01-18
Entry 2016-03-06

Thijs Kinkhorst reports:

James Clawson reported:

"Arbitrary files with a known path can be accessed in websvn by committing a symlink to a repository and then downloading the file (using the download link).

An attacker must have write access to the repo, and the download option must have been enabled in the websvn config file."
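The report above describes a committed symlink being followed when a file is downloaded. The following is an added example, not websvn's code or its fix: a defender-side check, in Python on a POSIX system, that lists symlinks in an exported tree resolving outside it and refuses to serve such paths. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def find_escaping_symlinks(export_root):
    """Return sorted relative paths of symlinks whose target resolves outside export_root."""
    root = os.path.realpath(export_root)
    escaping = []
    # followlinks=False: symlinked directories are listed but never descended into.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # resolves the whole link chain
            if os.path.commonpath([root, target]) != root:
                escaping.append(os.path.relpath(path, root))
    return sorted(escaping)

def safe_to_serve(export_root, rel_path):
    """True only if rel_path resolves to a regular file inside export_root."""
    root = os.path.realpath(export_root)
    target = os.path.realpath(os.path.join(root, rel_path))
    return os.path.commonpath([root, target]) == root and os.path.isfile(target)

def build_sample_export(base):
    """Constructed sample: one regular file, one in-tree symlink, one symlink
    pointing at a file outside the export directory."""
    export = os.path.join(base, "export")
    os.makedirs(os.path.join(export, "docs"))
    outside = os.path.join(base, "outside-secret.txt")
    with open(outside, "w") as fh:
        fh.write("not part of the repository\n")
    with open(os.path.join(export, "docs", "README"), "w") as fh:
        fh.write("hello\n")
    os.symlink("README", os.path.join(export, "docs", "alias"))  # stays inside
    os.symlink(outside, os.path.join(export, "docs", "leak"))    # escapes the tree
    return export

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        export = build_sample_export(base)
        for rel in find_escaping_symlinks(export):
            print("symlink escapes export root:", rel)
```

The in-tree symlink is allowed because the check compares resolved paths rather than rejecting every symlink.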

References

CVE Name CVE-2013-6892
URL https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682
URL https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6892