MEDIUM · 4.3

CVE-2021-28544


Vulnerability Description

Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Apache | Subversion | >= 1.10.0, <= 1.14.1
Debian | Debian Linux | 10.0
Fedoraproject | Fedora | 35
Apple | Macos | >= 12.0, < 12.5

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-28544?

CVE-2021-28544 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a ...

How severe is CVE-2021-28544?

CVE-2021-28544 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2021-28544?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Subversion, Debian Debian Linux, Fedoraproject Fedora, Apple Macos.