Description
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
CVSS Metrics
- Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
- Access Vector: network
- Access Complexity: medium
- Auth: none
- Confidentiality: partial
- Integrity: none
- Availability: none
- Weaknesses: CWE-200
Metadata
- Primary Vendor: VIEWVC
- Published: 3/24/2008
- Last Modified: 4/9/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
viewvc : viewvc