ViewVC prior to 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read files and list folders under the hidden CVSROOT folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
viewvc viewvc 1.0.2 |
||
viewvc viewvc 1.0.3 |