Description
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
CVSS Metrics
- Vector
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- network
- Access Cmplx
- low
- Auth
- none
- Confidentiality
- partial
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-200
Metadata
- Primary Vendor
- VIEWVC
- Published
- 1/29/2010
- Last Modified
- 4/11/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
viewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvcviewvc : viewvc
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.