CVE-2010-0004

critical

Description

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.

References

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html

http://www.openwall.com/lists/oss-security/2010/01/14/4

http://www.openwall.com/lists/oss-security/2010/01/13/5

http://www.openwall.com/lists/oss-security/2010/01/11/2

http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300

http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD

http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html

Details

Source: Mitre, NVD

Published: 2010-01-29

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0082

Detections

Analytics