FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

websvn -- information disclosure

Affected packages
websvn < 2.3.3_1


VuXML ID f69e1f09-e39b-11e5-9f77-5453ed2e2b49
Discovery 2015-01-18
Entry 2016-03-06

Thijs Kinkhorst reports:

James Clawson reported:

"Arbitrary files with a known path can be accessed in websvn by committing a symlink to a repository and then downloading the file (using the download link).

An attacker must have write access to the repo, and the download option must have been enabled in the websvn config file."


CVE Name CVE-2013-6892