Ticket #91 (Fixed)Sat Nov 11 19:14:07 UTC 2006
Security hole through CVSHistory
Reported by: | Andrew Hodgkinson (6) | Severity: | Critical |
Part: | Web site: RCVSweb and CVSweb (CVS browsing) | Release: | |
Milestone: | Status | Fixed |
Details by Andrew Hodgkinson (6):
Directly fetching CVSHistory pages shows that while the CVSROOT directory cannot be enumerated, individual files within it can; log information, history and contents can be viewed.
Changelog:
Modified by Andrew Hodgkinson (6) Fri, December 01 2006 - 12:06:51 GMT
- Status changed from Open to Fixed
Fixed in Changeset #151.