CWE-527 将CVS仓库暴露给非授权控制范围
Exposure of CVS Repository to an Unauthorized Control Sphere
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
The product stores a CVS repository in a directory or other container that is accessible to actors outside of the intended control sphere.
扩展描述
Information contained within a CVS subdirectory on a web server or other server could be recovered by an attacker and used for malicious purposes. This information may include usernames, filenames, path root, and IP addresses.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 538 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 538 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 552 cwe_View_ID: 1000
-
cwe_Nature: ChildOf cwe_CWE_ID: 552 cwe_View_ID: 699
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Confidentiality | ['Read Application Data', 'Read Files or Directories'] |
可能的缓解方案
['Operation', 'Distribution', 'System Configuration']
策略:
Recommendations include removing any CVS directories and repositories from the production server, disabling the use of remote CVS repositories, and ensuring that the latest CVS patches and version updates have been performed.