Launchpad.net

CVE 2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.

Related bugs and status

CVE-2021-28544 (Candidate) is related to these bugs:

Bug #1970228: Multiple vulnerabilities in Bionic, Focal and Jammy

		In	Importance	Status
1970228	Multiple vulnerabilities in Bionic, Focal and Jammy	subversion (Ubuntu)	Undecided	Fix Released
1970228	Multiple vulnerabilities in Bionic, Focal and Jammy	subversion (Ubuntu Bionic)	Undecided	Fix Released
1970228	Multiple vulnerabilities in Bionic, Focal and Jammy	subversion (Ubuntu Focal)	Undecided	Fix Released
1970228	Multiple vulnerabilities in Bionic, Focal and Jammy	subversion (Ubuntu Jammy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2021-28544

Related bugs and status

Related bugs

References