CVE-2007-2448

Description

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

How to fix CVE-2007-2448

To remediate CVE-2007-2448, upgrade the affected package to a fixed version below.

• Debian/subversion—upgrade to 1.4.4dfsg1-1 or later

Is CVE-2007-2448 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.4.4dfsg1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2448