Vulnerability in Apache Subversion

CVE-2013-7393

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was…

EPSS: 0.002 (38.6th percentile) — read the EPSS interpretation.

Affected products

Apache Subversion — versions 1.8.0, 1.8.1
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)