Information disclosure in Apache Subversion

CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of…

Vulnerability class: Information Disclosure

EPSS: 0.009 (76.7th percentile) — read the EPSS interpretation.

Affected products

Apache Subversion — versions 1.8.1, 1.8.2, 1.8.3
Apple Xcode
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

RHSA-2015:1742 (x_refsource_REDHAT, vendor-advisory)
RHSA-2015:1633 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
DSA-3331 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2015:1401 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
76273 (vdb-entry, x_refsource_BID)
USN-2721-1 (x_refsource_UBUNTU, vendor-advisory)
1033215 (vdb-entry, x_refsource_SECTRACK)
APPLE-SA-2016-03-21-4 (vendor-advisory, x_refsource_APPLE)