ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
Software | From | Fixed in |
---|---|---|
viewvc / viewvc | 1.0.2 | 1.0.2.x |
viewvc / viewvc | 1.0.3 | 1.0.3.x |