CVE-2021-28544
Description
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal copyfrom paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the copyfrom path of the original. This also reveals the fact that the node was copied. Only the copyfrom path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.42
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Mac OS - Monterey 12.5 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Monterey 12.5 - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Monterey 12.5.1 (Software Update) - AutoReboot | Mac |
| Multiple vulnerabilities are fixed in Mac OS - Monterey 12.5.1 - AutoReboot | Mac |
| subversion security update(DSA-5119-1) subversion_1.10.4-1+deb10u3_i386.deb | Linux |
| subversion security update(DSA-5119-1) subversion_1.10.4-1+deb10u3_amd64.deb | Linux |
| subversion security update(DSA-5119-1) subversion_1.14.1-3+deb11u1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn1_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn1_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) ruby-svn_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) ruby-svn_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) subversion_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) subversion_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn-java_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn-java_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn-perl_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn-perl_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) subversion-tools_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) subversion-tools_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) python-subversion_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libapache2-mod-svn_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libapache2-mod-svn_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) python3-subversion_1.14.1-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5450-1) libsvn1_1.14.1-3ubuntu0.22.04.1_amd64.deb | Linux |
| Advanced version control system (USN-5450-1) subversion_1.14.1-3ubuntu0.22.04.1_amd64.deb | Linux |
| Advanced version control system (USN-5450-1) libapache2-mod-svn_1.14.1-3ubuntu0.22.04.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) ruby-svn_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn-java_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) libsvn-perl_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) subversion-tools_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| Advanced version control system (USN-5372-1) python-subversion_1.13.0-3ubuntu0.1_amd64.deb | Linux |
| subversion security update(DSA-5119-1) subversion_1.14.1-3+deb11u1_i386.deb | Linux |
| subversion Security Update (ALAS-2023-011) subversion-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS-2023-011) subversion-libs-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS-2023-011) subversion-perl-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS-2023-011) subversion-devel-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS-2023-011) subversion-tools-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS-2023-011) subversion-javahl-1.14.2-5.amzn2023.0.2.noarch.rpm | Linux |
| subversion Security Update (ALAS-2023-011) python3-subversion-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS2023-2023-011) python3-subversion-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS2023-2023-011) subversion-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS2023-2023-011) subversion-devel-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS2023-2023-011) subversion-javahl-1.14.2-5.amzn2023.0.2.noarch.rpm | Linux |
| subversion Security Update (ALAS2023-2023-011) subversion-libs-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS2023-2023-011) subversion-perl-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
| subversion Security Update (ALAS2023-2023-011) subversion-tools-1.14.2-5.amzn2023.0.2.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-608134 | Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877) |
| PATCH-608134 | Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234