Vulnerability Description
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Subversion | <= 1.6.21 |
| Collabnet | Subversion | 1.6.17 |
| Opensuse | Opensuse | 11.4 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADk
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADk
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://subversion.apache.org/security/CVE-2013-2088-advisory.txtVendor Advisory
- https://www.exploit-db.com/exploits/40507/
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADk
- http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADk
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://subversion.apache.org/security/CVE-2013-2088-advisory.txtVendor Advisory
- https://www.exploit-db.com/exploits/40507/
FAQ
What is CVE-2013-2088?
CVE-2013-2088 is a vulnerability with a CVSS score of 7.1 (HIGH). contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
How severe is CVE-2013-2088?
CVE-2013-2088 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2088?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Subversion, Collabnet Subversion, Opensuse Opensuse.