ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-24T17:00:00

Updated: 2024-08-07T08:17:33.494Z

Reserved: 2008-03-12T00:00:00

Link: CVE-2008-1291

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-03-24T17:44:00.000

Modified: 2009-08-20T05:14:20.213

Link: CVE-2008-1291

cve-icon Redhat

No data.