QwikSec

Security Database

CVE

CWE

Training

CVE-2021-28544

Published: Apr 12, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.

Vendor	Product	Versions
Apache Software Foundation	Apache Subversion	affected `1.10.0 to 1.14.1`

Weaknesses (CWE)

References

https://subversion.apache.org/security/CVE-2021-28544-advisory.txt

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

FEDORA-2022-13cc09ecf2

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-2af658b090

vendor-advisory

x_refsource_FEDORA

https://support.apple.com/kb/HT213345

x_refsource_CONFIRM

20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.