{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22456", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-12-29T03:00:40.878Z", "datePublished": "2023-01-03T18:29:51.262Z", "dateUpdated": "2024-08-02T10:13:48.320Z"}, "containers": {"cna": {"title": "ViewVC XSS vulnerability in revision view changed paths", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"}, {"name": "https://github.com/viewvc/viewvc/issues/311", "tags": ["x_refsource_MISC"], "url": "https://github.com/viewvc/viewvc/issues/311"}, {"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.29", "tags": ["x_refsource_MISC"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"}, {"name": "https://github.com/viewvc/viewvc/releases/tag/1.2.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"}], "affected": [{"vendor": "viewvc", "product": "viewvc", "versions": [{"version": "< 1.1.29", "status": "affected"}, {"version": ">= 1.2.0, < 1.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-03T18:29:51.262Z"}, "descriptions": [{"lang": "en", "value": "ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version).\n\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format \"html\"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format \"html\"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)"}], "source": {"advisory": "GHSA-j4mx-f97j-gc5g", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:48.320Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"}, {"name": "https://github.com/viewvc/viewvc/issues/311", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/viewvc/viewvc/issues/311"}, {"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.29", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"}, {"name": "https://github.com/viewvc/viewvc/releases/tag/1.2.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB51E00C-7F8B-426A-80EF-C57BDE6DE88F", "versionEndExcluding": "1.1.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*", "matchCriteriaId": "227BB175-E196-488C-9E25-3F39111283E9", "versionEndExcluding": "1.2.2", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version).\n\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format \"html\"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format \"html\"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)"}, {"lang": "es", "value": "ViewVC, una interfaz de navegador para repositorios de control de versiones de CVS y Subversion, es una vulnerabilidad de cross-site scripting que afecta a versiones anteriores a 1.2.2 y 1.1.29. El impacto de esta vulnerabilidad se ve mitigado por la necesidad de que un atacante tenga privilegios de confirmaci\u00f3n en un repositorio de Subversion expuesto por una instancia de ViewVC que, de otro modo, ser\u00eda de confianza. El vector de ataque implica archivos con nombres no seguros (nombres que, al incrustarse en una secuencia HTML, har\u00edan que el navegador ejecutara c\u00f3digo no deseado), que pueden ser dif\u00edciles de crear. Los usuarios deben actualizar al menos a la versi\u00f3n 1.2.2 (si est\u00e1n usando una versi\u00f3n 1.2.x de ViewVC) o 1.1.29 (si est\u00e1n usando una versi\u00f3n 1.1.x). ViewVC 1.0.x ya no es compatible, por lo que los usuarios de esa l\u00ednea de versiones deben implementar un workaround. Los usuarios pueden editar sus plantillas de vista EZT de ViewVC para escapar manualmente mediante HTML las rutas modificadas durante la representaci\u00f3n. Localice en el archivo `revision.ezt` de su conjunto de plantillas las referencias a esas rutas modificadas y enci\u00e9rrelas con `[format \"html\"]` y `[end]`. Para la mayor\u00eda de los usuarios, eso significa que las referencias a `[changes.path]` se convertir\u00e1n en `[format \"html\"][changes.path][end]`. (Este workaround se debe revertir despu\u00e9s de actualizar a una versi\u00f3n parcheada de ViewVC, de lo contrario, los nombres de las rutas modificadas se escapar\u00e1n dos veces)."}], "id": "CVE-2023-22456", "lastModified": "2024-11-21T07:44:50.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-03T19:15:10.483", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/issues/311"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/issues/311"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}