3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
54.7%
Thijs Kinkhorst reports:
James Clawson reported:
“Arbitrary files with a known path can be accessed in websvn by
committing a symlink to a repository and then downloading the file
(using the download link).
An attacker must have write access to the repo, and the download
option must have been enabled in the websvn config file.”