2014-10-09 Flaw Discovered 2014-10-20 Vendor contacted 2014-10-21 Vendor response 2014-12-08 Vendor fix proposal 2014-12-08 Extension of embargo to 19.4.2015 2015-05-04 Extension of embargo until release of version 5.0 2015-05-18 Release of version 5.0 and public disclosure
The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "fileName" parameter of the "tail" action
Sample URL: https://example.com:4434/csvn/log/tail?fileName=..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&startIndex=0
Remove feature or santizes the fileName parameter so that no path traversals and arbitrary file inclusions are possible.
[...] now allow only showing hooks/logs within the intended directories.