Vulnerability in Apache Subversion

CVE-2013-4262

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected…

EPSS: 0.003 (49.7th percentile) — read the EPSS interpretation.

Affected products

Apache Subversion — versions 1.8.0, 1.8.1, 1.8.2
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)