Unrated severity · NVD Advisory · Published Apr 12, 2022 · Updated Aug 3, 2024
Apache Subversion SVN authz protected copyfrom paths regression
CVE-2021-28544
Description
Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.
Affected products (28)
- (no CPE)
- (no CPE), range: 1.10.0 to 1.14.1
- osv-coords, 26 versions:
  - pkg:bitnami/subversion, range: >= 1.10.0, < 1.14.2
  - pkg:rpm/opensuse/subversion&distro=openSUSE%20Leap%2015.3, range: < 1.10.6-150300.10.8.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Enterprise%20Storage%206, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Enterprise%20Storage%207, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3, range: < 1.10.6-150300.10.8.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3, range: < 1.10.6-150300.10.8.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3, range: < 1.10.6-150300.10.8.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5, range: < 1.10.6-3.6.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Manager%20Proxy%204.1, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1, range: < 1.10.6-150000.3.21.1
  - pkg:rpm/suse/subversion&distro=SUSE%20Manager%20Server%204.1, range: < 1.10.6-150000.3.21.1
References (6)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2022/dsa-5119 (mitre, vendor-advisory, x_refsource_DEBIAN)
- seclists.org/fulldisclosure/2022/Jul/18 (mitre, mailing-list, x_refsource_FULLDISC)
- subversion.apache.org/security/CVE-2021-28544-advisory.txt (mitre, x_refsource_MISC)
- support.apple.com/kb/HT213345 (mitre, x_refsource_CONFIRM)