CVE-2021-28544

Public on 2022-04-12
Modified on 2022-10-03
Description
A flaw was found in Subversion. When using path-based authorization (authz), the helper function detect_changed() does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its copyfrom path (the path to the protected location) is reported even when omission should occur.
Severity
Low severity
Low
CVSS v3 Base Score
4.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2023 subversion 2023-02-17 ALAS2023-2023-011 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv2 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N
NVD CVSSv3 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N