{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-22464", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-12-29T03:00:40.879Z", "datePublished": "2023-01-04T15:12:50.980Z"}, "containers": {"cna": {"title": "ViewVC XSS vulnerability in revision view changed path \"copyfrom\" locations", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h"}, {"name": "https://github.com/viewvc/viewvc/issues/311", "tags": ["x_refsource_MISC"], "url": "https://github.com/viewvc/viewvc/issues/311"}, {"name": "https://github.com/viewvc/viewvc/releases/tag/1.1.30", "tags": ["x_refsource_MISC"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.30"}, {"name": "https://github.com/viewvc/viewvc/releases/tag/1.2.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.3"}], "affected": [{"vendor": "viewvc", "product": "viewvc", "versions": [{"version": "< 1.1.30", "status": "affected"}, {"version": ">= 1.2.0, < 1.2.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-04T15:12:50.980Z"}, "descriptions": [{"lang": "en", "value": "ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.3 (if they are using a 1.2.x version of ViewVC) or 1.1.30 (if they are using a 1.1.x version).\n\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement one of the following workarounds. Users can edit their ViewVC EZT view templates to manually HTML-escape changed path \"copyfrom paths\" during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format \"html\"]` and `[end]`. For most users, that means that references to `[changes.copy_path]` will become `[format \"html\"][changes.copy_path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else \"copyfrom path\" names will be doubly escaped.)\n"}], "source": {"advisory": "GHSA-jvpj-293q-q53h", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC8C4A66-8160-4D22-B5D3-F7E59305B977", "versionEndExcluding": "1.1.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF380062-387A-470F-9E82-B9323FF0E737", "versionEndExcluding": "1.2.3", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.3 (if they are using a 1.2.x version of ViewVC) or 1.1.30 (if they are using a 1.1.x version).\n\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement one of the following workarounds. Users can edit their ViewVC EZT view templates to manually HTML-escape changed path \"copyfrom paths\" during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format \"html\"]` and `[end]`. For most users, that means that references to `[changes.copy_path]` will become `[format \"html\"][changes.copy_path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else \"copyfrom path\" names will be doubly escaped.)\n"}, {"lang": "es", "value": "ViewVC es una interfaz de navegador para repositorios de control de versiones CVS y Subversion. Las versiones anteriores a 1.2.3 y 1.1.30 son vulnerables a cross-site scripting. El impacto de esta vulnerabilidad se ve mitigado por la necesidad de que un atacante tenga privilegios de confirmaci\u00f3n en un repositorio de Subversion expuesto por una instancia de ViewVC que de otro modo ser\u00eda confiable. El vector de ataque involucra archivos con nombres no seguros (nombres que, cuando se incrustan en una secuencia HTML, har\u00edan que el navegador ejecute c\u00f3digo no deseado), que a su vez pueden ser dif\u00edciles de crear. Los usuarios deben actualizar al menos a la versi\u00f3n 1.2.3 (si usan una versi\u00f3n 1.2.x de ViewVC) o 1.1.30 (si usan una versi\u00f3n 1.1.x). ViewVC 1.0.x ya no es compatible, por lo que los usuarios de ese linaje de versiones deben implementar una de las siguientes soluciones. Los usuarios pueden editar sus plantillas de vista ViewVC EZT para escapar manualmente de la ruta cambiada en HTML \"copiar desde rutas\" durante el renderizado. Ubique en el archivo `revision.ezt` de su conjunto de plantillas las referencias a esas rutas modificadas y envu\u00e9lvalas con `[formato \"html\"]` y `[end]`. Para la mayor\u00eda de los usuarios, eso significa que las referencias a `[changes.copy_path]` se convertir\u00e1n en `[format \"html\"][changes.copy_path][end]`. (Este workaround debe revertirse despu\u00e9s de actualizar a una versi\u00f3n parcheada de ViewVC; de lo contrario, los nombres de \"ruta de copia\" aparecer\u00e1n doblemente como escape)."}], "id": "CVE-2023-22464", "lastModified": "2023-11-07T04:06:56.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-01-04T16:15:09.237", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/issues/311"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.30"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.3"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}