Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: 200412-26 Low Severity: ViewCVS XSS And Information Leak

gentoo
Calendar Grey December 28, 2004
Dist Gentoo Esm H88
ViewCVS on Gentoo Linux encounters vulnerability concerns involving data exposure and Cross-Site Scripting (XSS) threats. It's advisable to perform updates to uphold security measures.
ViewCVS is vulnerable to an information leak and to cross-site scripting (XSS) issues.

Summary

Gentoo Linux Security Advisory GLSA 200412-26 https://security.gentoo.org/ Severity: Low Title: ViewCVS: Information leak and XSS vulnerabilities Date: December 28, 2004 Bugs: #72461, #73772 ID: 200412-26

Synopsis ======= ViewCVS is vulnerable to an information leak and to cross-site scripting (XSS) issues.
Background ========= ViewCVS is a browser interface for viewing CVS and Subversion version control repositories through a web browser.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/viewcvs <= 0.9.2_p20041207 >= 0.9.2_p20041207-r1
========== The tar export functions in ViewCVS bypass the 'hide_cvsroot' and 'forbidden' settings and therefore expose information that should be kept secret (...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory information leak gentoo cross-site scripting low severity xss viewcvs

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory information leak gentoo cross-site scripting low severity xss viewcvs

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here