DATABASE RESOURCES PRICING ABOUT US

{"id": "UB:CVE-2021-28544", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-28544", "description": "Apache Subversion SVN authz protected copyfrom paths regression Subversion\nservers reveal 'copyfrom' paths that should be hidden according to\nconfigured path-based authorization (authz) rules. When a node has been\ncopied from a protected location, users with access to the copy can see the\n'copyfrom' path of the original. This also reveals the fact that the node\nwas copied. Only the 'copyfrom' path is revealed; not its contents. Both\nhttpd and svnserve servers are vulnerable.", "published": "2021-04-12T00:00:00", "modified": "2021-04-12T00:00:00", "epss": [{"cve": "CVE-2021-28544", "epss": 0.00284, "percentile": 0.63995, "modified": "2023-05-27"}], "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 3.5}, "severity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://ubuntu.com/security/CVE-2021-28544", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544", "https://ubuntu.com/security/notices/USN-5372-1", "https://ubuntu.com/security/notices/USN-5450-1", "https://nvd.nist.gov/vuln/detail/CVE-2021-28544", "https://launchpad.net/bugs/cve/CVE-2021-28544", "https://security-tracker.debian.org/tracker/CVE-2021-28544"], "cvelist": ["CVE-2021-28544"], "immutableFields": [], "lastseen": "2023-05-28T13:31:04", "viewCount": 10, "enchantments": {"score": {"value": 6.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-28544"]}, {"type": "apple", "idList": ["APPLE:71C798D0F46D1E956B1D27B4A004E9B9"]}, {"type": "cve", "idList": ["CVE-2021-28544"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5119-1:7E87F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-28544"]}, {"type": "fedora", "idList": ["FEDORA:1A1AC3021A53", "FEDORA:4842C30687AF"]}, {"type": "freebsd", "idList": ["3A1DC8C8-BB27-11EC-98D1-D43D7EED0CE2"]}, {"type": "ibm", "idList": ["9209CA54A0A6D36B7CC32191CCFD17C389F41528924D698986F497F467C293A7"]}, {"type": "mageia", "idList": ["MGASA-2022-0140"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-149.NASL", "AL2023_ALAS2023-2023-011.NASL", "DEBIAN_DSA-5119.NASL", "EULEROS_SA-2022-1952.NASL", "EULEROS_SA-2022-1983.NASL", "EULEROS_SA-2022-2013.NASL", "EULEROS_SA-2022-2147.NASL", "EULEROS_SA-2022-2172.NASL", "FREEBSD_PKG_3A1DC8C8BB2711EC98D1D43D7EED0CE2.NASL", "MACOS_HT213345.NASL", "MARINER_SUBVERSION_CVE-2021-28544.NASL", "SUSE_SU-2022-1161-1.NASL", "SUSE_SU-2022-1162-1.NASL", "SUSE_SU-2022-1483-1.NASL", "UBUNTU_USN-5372-1.NASL", "UBUNTU_USN-5450-1.NASL"]}, {"type": "osv", "idList": ["OSV:CVE-2021-28544", "OSV:DSA-5119-1"]}, {"type": "photon", "idList": ["PHSA-2022-0189", "PHSA-2022-0389", "PHSA-2022-3.0-0389", "PHSA-2022-4.0-0189"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-28544"]}, {"type": "suse", "idList": ["SUSE-SU-2022:1162-1"]}, {"type": "ubuntu", "idList": ["USN-5372-1", "USN-5450-1"]}, {"type": "veracode", "idList": ["VERACODE:35089"]}]}, "epss": [{"cve": "CVE-2021-28544", "epss": 0.00284, "percentile": 0.63968, "modified": "2023-05-02"}], "vulnersScore": 6.0}, "_state": {"score": 1685280776, "dependencies": 1685280701, "epss": 0}, "_internal": {"score_hash": "4a55567f6c3ea426ac0f41e62bfd113e"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "1.13.0-3ubuntu0.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "subversion"}, {"OS": "ubuntu", "OSVersion": "21.10", "arch": "noarch", "packageVersion": "1.14.1-3ubuntu0.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "subversion"}, {"OS": "ubuntu", "OSVersion": "22.04", "arch": "noarch", "packageVersion": "1.14.1-3ubuntu0.22.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "subversion"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "1.14.2 and 1.10.8", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "subversion"}], "bugs": []}

{"prion": [{"lastseen": "2023-08-16T02:56:34", "description": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-12T18:15:00", "type": "prion", "title": "CVE-2021-28544", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544"], "modified": "2023-02-11T17:44:00", "id": "PRION:CVE-2021-28544", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-28544", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-08-30T19:54:50", "description": "The version of subversion installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-28544 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: subversion (CVE-2021-28544)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544"], "modified": "2023-08-30T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:subversion", "p-cpe:/a:microsoft:cbl-mariner:subversion-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:subversion-devel", "p-cpe:/a:microsoft:cbl-mariner:subversion-perl", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_SUBVERSION_CVE-2021-28544.NASL", "href": "https://www.tenable.com/plugins/nessus/172796", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172796);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/30\");\n\n script_cve_id(\"CVE-2021-28544\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: subversion (CVE-2021-28544)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of subversion installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,\naffected by a vulnerability as referenced in the CVE-2021-28544 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2021-28544\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'subversion-1.14.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'subversion / subversion-debuginfo / subversion-devel / subversion-perl');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-11T14:39:49", "description": "The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5450-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-27T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : Subversion vulnerabilities (USN-5450-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn", "p-cpe:/a:canonical:ubuntu_linux:libsvn-dev", "p-cpe:/a:canonical:ubuntu_linux:libsvn-java", "p-cpe:/a:canonical:ubuntu_linux:libsvn-perl", "p-cpe:/a:canonical:ubuntu_linux:libsvn1", "p-cpe:/a:canonical:ubuntu_linux:python3-subversion", "p-cpe:/a:canonical:ubuntu_linux:ruby-svn", "p-cpe:/a:canonical:ubuntu_linux:subversion", "p-cpe:/a:canonical:ubuntu_linux:subversion-tools"], "id": "UBUNTU_USN-5450-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161633", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5450-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161633);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"USN\", value:\"5450-1\");\n\n script_name(english:\"Ubuntu 22.04 LTS : Subversion vulnerabilities (USN-5450-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5450-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5450-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '22.04', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn-dev', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn-java', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn-perl', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libsvn1', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'python3-subversion', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'ruby-svn', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'subversion', 'pkgver': '1.14.1-3ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'subversion-tools', 'pkgver': '1.14.1-3ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-svn / libsvn-dev / libsvn-java / libsvn-perl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T15:01:30", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1162-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : subversion (SUSE-SU-2022:1162-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:subversion", "p-cpe:/a:novell:suse_linux:subversion-bash-completion", "p-cpe:/a:novell:suse_linux:subversion-devel", "p-cpe:/a:novell:suse_linux:subversion-perl", "p-cpe:/a:novell:suse_linux:subversion-python", "p-cpe:/a:novell:suse_linux:subversion-server", "p-cpe:/a:novell:suse_linux:subversion-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1162-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159700", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1162-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159700);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1162-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : subversion (SUSE-SU-2022:1162-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:1162-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24070\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010684.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddb2f151\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'subversion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-bash-completion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-bash-completion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-devel-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-devel-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-perl-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-perl-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-python-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-python-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-server-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-tools-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-tools-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'subversion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-bash-completion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-bash-completion-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-devel-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-devel-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-perl-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-perl-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-python-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-python-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-server-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-tools-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'subversion-tools-1.10.6-150300.10.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'subversion / subversion-bash-completion / subversion-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:06", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2172)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2172.NASL", "href": "https://www.tenable.com/plugins/nessus/163530", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163530);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2172)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2172\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7d21062\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.12.2-1.h4.eulerosv2r10\",\n \"subversion-help-1.12.2-1.h4.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:42", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-1983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1983.NASL", "href": "https://www.tenable.com/plugins/nessus/162916", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162916);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-1983)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1983\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c5e9dd1b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.10.6-2.h5.eulerosv2r9\",\n \"subversion-help-1.10.6-2.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:06", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2147)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2147.NASL", "href": "https://www.tenable.com/plugins/nessus/163528", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163528);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2147)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2147\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4df6a248\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.12.2-1.h4.eulerosv2r10\",\n \"subversion-help-1.12.2-1.h4.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:44:20", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1161-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : subversion (SUSE-SU-2022:1161-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:subversion", "p-cpe:/a:novell:suse_linux:subversion-bash-completion", "p-cpe:/a:novell:suse_linux:subversion-devel", "p-cpe:/a:novell:suse_linux:subversion-perl", "p-cpe:/a:novell:suse_linux:subversion-python", "p-cpe:/a:novell:suse_linux:subversion-server", "p-cpe:/a:novell:suse_linux:subversion-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1161-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159702", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1161-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159702);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1161-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : subversion (SUSE-SU-2022:1161-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:1161-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24070\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-April/010683.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4505f0e7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1/2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-bash-completion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'subversion-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'subversion-devel-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'subversion-perl-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'subversion-python-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'subversion-server-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'subversion-tools-1.10.6-150000.3.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'subversion / subversion-bash-completion / subversion-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:49", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-149 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-149)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-10-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python3-subversion", "p-cpe:/a:amazon:linux:python3-subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion", "p-cpe:/a:amazon:linux:subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion-debugsource", "p-cpe:/a:amazon:linux:subversion-devel", "p-cpe:/a:amazon:linux:subversion-devel-debuginfo", "p-cpe:/a:amazon:linux:subversion-javahl", "p-cpe:/a:amazon:linux:subversion-libs", "p-cpe:/a:amazon:linux:subversion-libs-debuginfo", "p-cpe:/a:amazon:linux:subversion-perl", "p-cpe:/a:amazon:linux:subversion-perl-debuginfo", "p-cpe:/a:amazon:linux:subversion-tools", "p-cpe:/a:amazon:linux:subversion-tools-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-149.NASL", "href": "https://www.tenable.com/plugins/nessus/166120", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-149.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166120);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/14\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-149)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-149 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-149.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28544.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24070.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update subversion --releasever=2022.0.20221012' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'python3-subversion-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.2-5.amzn2022.0.1', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2022.0.1', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-subversion / python3-subversion-debuginfo / subversion / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-11T14:35:40", "description": "The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5372-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-12T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.10 : Subversion vulnerabilities (USN-5372-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn", "p-cpe:/a:canonical:ubuntu_linux:libsvn-dev", "p-cpe:/a:canonical:ubuntu_linux:libsvn-java", "p-cpe:/a:canonical:ubuntu_linux:libsvn-perl", "p-cpe:/a:canonical:ubuntu_linux:libsvn1", "p-cpe:/a:canonical:ubuntu_linux:python-subversion", "p-cpe:/a:canonical:ubuntu_linux:python3-subversion", "p-cpe:/a:canonical:ubuntu_linux:ruby-svn", "p-cpe:/a:canonical:ubuntu_linux:subversion", "p-cpe:/a:canonical:ubuntu_linux:subversion-tools"], "id": "UBUNTU_USN-5372-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159689", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5372-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159689);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"USN\", value:\"5372-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.10 : Subversion vulnerabilities (USN-5372-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5372-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5372-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsvn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:subversion-tools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '21.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn-dev', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn-java', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn-perl', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'libsvn1', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'python-subversion', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'ruby-svn', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'subversion', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '20.04', 'pkgname': 'subversion-tools', 'pkgver': '1.13.0-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libapache2-mod-svn', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn-dev', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn-java', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn-perl', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'libsvn1', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'python3-subversion', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'ruby-svn', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'subversion', 'pkgver': '1.14.1-3ubuntu0.1'},\n {'osver': '21.10', 'pkgname': 'subversion-tools', 'pkgver': '1.14.1-3ubuntu0.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-svn / libsvn-dev / libsvn-java / libsvn-perl / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:55", "description": "The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5119 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "Debian DSA-5119-1 : subversion - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libapache2-mod-svn", "p-cpe:/a:debian:debian_linux:libsvn-dev", "p-cpe:/a:debian:debian_linux:libsvn-doc", "p-cpe:/a:debian:debian_linux:libsvn-java", "p-cpe:/a:debian:debian_linux:libsvn-perl", "p-cpe:/a:debian:debian_linux:libsvn1", "p-cpe:/a:debian:debian_linux:python-subversion", "p-cpe:/a:debian:debian_linux:python3-subversion", "p-cpe:/a:debian:debian_linux:ruby-svn", "p-cpe:/a:debian:debian_linux:subversion", "p-cpe:/a:debian:debian_linux:subversion-tools", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5119.NASL", "href": "https://www.tenable.com/plugins/nessus/159709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5119. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159709);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"Debian DSA-5119-1 : subversion - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5119 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-24070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/subversion\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/subversion\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the subversion packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libapache2-mod-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsvn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+|^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0 / 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'libapache2-mod-svn', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-dev', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-doc', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-java', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn-perl', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'libsvn1', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'python-subversion', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'python3-subversion', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'ruby-svn', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'subversion', 'reference': '1.10.4-1+deb10u3'},\n {'release': '10.0', 'prefix': 'subversion-tools', 'reference': '1.10.4-1+deb10u3'},\n {'release': '11.0', 'prefix': 'libapache2-mod-svn', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-dev', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-doc', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-java', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn-perl', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'libsvn1', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'python-subversion', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'python3-subversion', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'ruby-svn', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'subversion', 'reference': '1.14.1-3+deb11u1'},\n {'release': '11.0', 'prefix': 'subversion-tools', 'reference': '1.14.1-3+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libapache2-mod-svn / libsvn-dev / libsvn-doc / libsvn-java / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:38", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-13T00:00:00", "type": "nessus", "title": "FreeBSD : Subversion -- Multiple vulnerabilities in server code (3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mod_dav_svn", "p-cpe:/a:freebsd:freebsd:mod_dav_svn-lts", "p-cpe:/a:freebsd:freebsd:subversion", "p-cpe:/a:freebsd:freebsd:subversion-lts", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3A1DC8C8BB2711EC98D1D43D7EED0CE2.NASL", "href": "https://www.tenable.com/plugins/nessus/159710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159710);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/26\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"FreeBSD : Subversion -- Multiple vulnerabilities in server code (3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://subversion.apache.org/security/CVE-2021-28544-advisory.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://subversion.apache.org/security/CVE-2022-24070-advisory.txt\");\n # https://vuxml.freebsd.org/freebsd/3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af82e870\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mod_dav_svn-lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:subversion-lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'mod_dav_svn-lts>=1.10.0<1.10.8',\n 'mod_dav_svn>=1.10.0<1.10.8',\n 'mod_dav_svn>=1.11.0<1.14.2',\n 'subversion-lts>=1.10.0<1.10.8',\n 'subversion>=1.10.0<1.10.8',\n 'subversion>=1.11.0<1.14.2'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:34", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : subversion (EulerOS-SA-2022-1952)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-06-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:mod_dav_svn", "p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1952.NASL", "href": "https://www.tenable.com/plugins/nessus/162446", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162446);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/22\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP8 : subversion (EulerOS-SA-2022-1952)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1952\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?780fe5eb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_dav_svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"mod_dav_svn-1.10.2-1.h6.eulerosv2r8\",\n \"subversion-1.10.2-1.h6.eulerosv2r8\",\n \"subversion-libs-1.10.2-1.h6.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:26", "description": "According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-2013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:subversion", "p-cpe:/a:huawei:euleros:subversion-help", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2013.NASL", "href": "https://www.tenable.com/plugins/nessus/162904", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162904);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-2013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2013\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?327d6766\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected subversion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:subversion-help\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"subversion-1.10.6-2.h5.eulerosv2r9\",\n \"subversion-help-1.10.6-2.h5.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"subversion\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T15:09:15", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1483-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : subversion (SUSE-SU-2022:1483-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libsvn_auth_gnome_keyring-1-0", "p-cpe:/a:novell:suse_linux:subversion", "p-cpe:/a:novell:suse_linux:subversion-bash-completion", "p-cpe:/a:novell:suse_linux:subversion-devel", "p-cpe:/a:novell:suse_linux:subversion-perl", "p-cpe:/a:novell:suse_linux:subversion-python", "p-cpe:/a:novell:suse_linux:subversion-server", "p-cpe:/a:novell:suse_linux:subversion-tools", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-1483-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160462", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1483-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160462);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1483-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : subversion (SUSE-SU-2022:1483-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:1483-1 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198503\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24070\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/010905.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e96dbec9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsvn_auth_gnome_keyring-1-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'subversion-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'subversion-bash-completion-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'subversion-devel-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'subversion-perl-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'subversion-python-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'subversion-server-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'subversion-tools-1.10.6-3.6.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'libsvn_auth_gnome_keyring-1-0-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-bash-completion-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-devel-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-perl-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-python-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-server-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'subversion-tools-1.10.6-3.6.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsvn_auth_gnome_keyring-1-0 / subversion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:46:36", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-011 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : python3-subversion, subversion, subversion-devel (ALAS2023-2023-011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2023-04-21T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python3-subversion", "p-cpe:/a:amazon:linux:python3-subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion", "p-cpe:/a:amazon:linux:subversion-debuginfo", "p-cpe:/a:amazon:linux:subversion-debugsource", "p-cpe:/a:amazon:linux:subversion-devel", "p-cpe:/a:amazon:linux:subversion-devel-debuginfo", "p-cpe:/a:amazon:linux:subversion-javahl", "p-cpe:/a:amazon:linux:subversion-libs", "p-cpe:/a:amazon:linux:subversion-libs-debuginfo", "p-cpe:/a:amazon:linux:subversion-perl", "p-cpe:/a:amazon:linux:subversion-perl-debuginfo", "p-cpe:/a:amazon:linux:subversion-tools", "p-cpe:/a:amazon:linux:subversion-tools-debuginfo", "cpe:/o:amazon:linux:2023"], "id": "AL2023_ALAS2023-2023-011.NASL", "href": "https://www.tenable.com/plugins/nessus/173122", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-011.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173122);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/21\");\n\n script_cve_id(\"CVE-2021-28544\", \"CVE-2022-24070\");\n\n script_name(english:\"Amazon Linux 2023 : python3-subversion, subversion, subversion-devel (ALAS2023-2023-011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-011 advisory.\n\n - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths\n that should be hidden according to configured path-based authorization (authz) rules. When a node has been\n copied from a protected location, users with access to the copy can see the 'copyfrom' path of the\n original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not\n its contents. Both httpd and svnserve servers are vulnerable. (CVE-2021-28544)\n\n - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization\n rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion\n mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not\n affected. (CVE-2022-24070)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-011.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28544.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24070.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update subversion --releasever=2023.0.20230222 ' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28544\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-javahl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-perl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:subversion-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'python3-subversion-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-subversion-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-debugsource-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-devel-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-javahl-1.14.2-5.amzn2023.0.2', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-libs-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-perl-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'subversion-tools-debuginfo-1.14.2-5.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-subversion / python3-subversion-debuginfo / subversion / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T17:49:59", "description": "The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, affected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.", "cvss3": {}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "macOS 12.x < 12.5 (HT213345)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x", "cpe:/o:apple:macos"], "id": "MACOS_HT213345.NASL", "href": "https://www.tenable.com/plugins/nessus/164291", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164291);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\n \"CVE-2021-28544\",\n \"CVE-2022-2294\",\n \"CVE-2022-24070\",\n \"CVE-2022-26981\",\n \"CVE-2022-29046\",\n \"CVE-2022-29048\",\n \"CVE-2022-32785\",\n \"CVE-2022-32786\",\n \"CVE-2022-32787\",\n \"CVE-2022-32789\",\n \"CVE-2022-32792\",\n \"CVE-2022-32793\",\n \"CVE-2022-32796\",\n \"CVE-2022-32797\",\n \"CVE-2022-32798\",\n \"CVE-2022-32799\",\n \"CVE-2022-32800\",\n \"CVE-2022-32801\",\n \"CVE-2022-32805\",\n \"CVE-2022-32807\",\n \"CVE-2022-32810\",\n \"CVE-2022-32811\",\n \"CVE-2022-32812\",\n \"CVE-2022-32813\",\n \"CVE-2022-32814\",\n \"CVE-2022-32815\",\n \"CVE-2022-32816\",\n \"CVE-2022-32817\",\n \"CVE-2022-32818\",\n \"CVE-2022-32819\",\n \"CVE-2022-32820\",\n \"CVE-2022-32821\",\n \"CVE-2022-32823\",\n \"CVE-2022-32825\",\n \"CVE-2022-32826\",\n \"CVE-2022-32828\",\n \"CVE-2022-32829\",\n \"CVE-2022-32831\",\n \"CVE-2022-32832\",\n \"CVE-2022-32834\",\n \"CVE-2022-32837\",\n \"CVE-2022-32838\",\n \"CVE-2022-32839\",\n \"CVE-2022-32840\",\n \"CVE-2022-32841\",\n \"CVE-2022-32842\",\n \"CVE-2022-32843\",\n \"CVE-2022-32845\",\n \"CVE-2022-32847\",\n \"CVE-2022-32848\",\n \"CVE-2022-32849\",\n \"CVE-2022-32851\",\n \"CVE-2022-32852\",\n \"CVE-2022-32853\",\n \"CVE-2022-32857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT213345\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2022-07-20\");\n script_xref(name:\"IAVA\", value:\"2022-A-0295-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0442-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/09/15\");\n\n script_name(english:\"macOS 12.x < 12.5 (HT213345)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update or supplemental update that fixes multiple\nvulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.5 Monterey. It is, therefore, \naffected by multiple vulnerabilities :\n\n - Exploitation of this vulnerability may lead to memory corruption issue. (CVE-2022-32787)\n\n - Exploitation of this vulnerability may to disclose kernel memory. (CVE-2022-32793)\n\n - Exploitation of this vulnerability may lead to gain elevated privileges. (CVE-2022-32798)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-gb/HT213345\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 12.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-26981\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-32845\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf_extras_apple.inc');\n\nvar app_info = vcf::apple::macos::get_app_info();\nvar constraints = [\n {\n 'min_version': '12.0', \n 'fixed_version': '12.5', \n 'fixed_display': 'macOS Monterey 12.5'\n }\n];\n\nvcf::apple::macos::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-07-08T02:21:23", "description": "A flaw was found in Subversion. When using path-based authorization (authz), the helper function detect_changed() does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its 'copyfrom' path (the path to the protected location) is reported even when omission should occur.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-13T05:22:18", "type": "redhatcve", "title": "CVE-2021-28544", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544"], "modified": "2023-07-08T02:15:46", "id": "RH:CVE-2021-28544", "href": "https://access.redhat.com/security/cve/cve-2021-28544", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-05-27T14:35:38", "description": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-12T18:15:00", "type": "cve", "title": "CVE-2021-28544", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544"], "modified": "2023-02-11T17:44:00", "cpe": ["cpe:/a:apache:subversion:1.14.1", "cpe:/o:debian:debian_linux:11.0", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:36", "cpe:/o:fedoraproject:fedora:35"], "id": "CVE-2021-28544", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28544", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:apache:subversion:1.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}], "ibm": [{"lastseen": "2023-05-27T17:49:12", "description": "## Summary\n\nApache Subversion is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache Subversion has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-28544](<https://vulners.com/cve/CVE-2021-28544>) \n** DESCRIPTION: **Apache Subversion could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the configured path-based authorization (authz) rules. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the \"copyfrom\" paths information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224010>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Netcool Impact| 7.1.0 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation \n---|---|---|--- \nIBM Tivoli Netcool Impact 7.1.0| 7.1.0.26| IJ39754| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP26](<https://www.ibm.com/support/pages/node/6587919> \"IBM Tivoli Netcool Impact 7.1.0 FP26\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-07-06T05:35:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2021-28544)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544"], "modified": "2022-07-06T05:35:34", "id": "9209CA54A0A6D36B7CC32191CCFD17C389F41528924D698986F497F467C293A7", "href": "https://www.ibm.com/support/pages/node/6601531", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-05-27T15:16:34", "description": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-12T18:15:00", "type": "debiancve", "title": "CVE-2021-28544", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544"], "modified": "2022-04-12T18:15:00", "id": "DEBIANCVE:CVE-2021-28544", "href": "https://security-tracker.debian.org/tracker/CVE-2021-28544", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "alpinelinux": [{"lastseen": "2023-06-23T11:06:48", "description": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-12T18:15:00", "type": "alpinelinux", "title": "CVE-2021-28544", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544"], "modified": "2023-02-11T17:44:00", "id": "ALPINE:CVE-2021-28544", "href": "https://security.alpinelinux.org/vuln/CVE-2021-28544", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "osv": [{"lastseen": "2023-02-11T20:52:26", "description": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable.", "cvss3": {}, "published": "2022-04-12T18:15:00", "type": "osv", "title": "CVE-2021-28544", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-28544"], "modified": "2023-02-11T20:52:21", "id": "OSV:CVE-2021-28544", "href": "https://osv.dev/vulnerability/CVE-2021-28544", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:20:53", "description": "\nSeveral vulnerabilities were discovered in Subversion, a version control\nsystem.\n\n\n* [CVE-2021-28544](https://security-tracker.debian.org/tracker/CVE-2021-28544)\nEvgeny Kotkov reported that Subversion servers reveal copyfrom\n paths that should be hidden according to configured path-based\n authorization (authz) rules.\n* [CVE-2022-24070](https://security-tracker.debian.org/tracker/CVE-2022-24070)\nThomas Weissschuh reported that Subversion's mod\\_dav\\_svn is prone to\n a use-after-free vulnerability when looking up path-based\n authorization rules, which can result in denial of service (crash of\n HTTPD worker handling the request).\n\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 1.10.4-1+deb10u3.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.14.1-3+deb11u1.\n\n\nWe recommend that you upgrade your subversion packages.\n\n\nFor the detailed security status of subversion please refer to its\nsecurity tracker page at:\n<https://security-tracker.debian.org/tracker/subversion>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-04-13T00:00:00", "type": "osv", "title": "subversion - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24070", "CVE-2021-28544"], "modified": "2022-08-10T07:20:52", "id": "OSV:DSA-5119-1", "href": "https://osv.dev/vulnerability/DSA-5119-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-02-17T01:25:53", "description": "subversion is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to sensitive information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2022-04-13T15:52:02", "type": "veracode", "title": "Information Disclosure", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544"], "modified": "2023-02-11T19:23:03", "id": "VERACODE:35089", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-35089/summary", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2022-11-06T17:58:07", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for subversion fixes the following issues:\n\n - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used\n by Apache HTTP server. This could be exploited by a remote attacker to\n cause a denial of service (bsc#1197940).\n - CVE-2021-28544: Fixed an information leak issue where Subversion servers\n may reveal the original path of files protected by path-based\n authorization (bsc#1197939).\n\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-1162=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-1162=1\n\n - SUSE Linux Enterprise Module for Server Applications 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1162=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1162=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1162=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T00:00:00", "type": "suse", "title": "Security update for subversion (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-12T00:00:00", "id": "SUSE-SU-2022:1162-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KXSXZW26RGP67WJOX3BWXR6OBVUHSVYF/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-06-14T15:23:39", "description": "SVN authz protected copyfrom paths regression. (CVE-2021-28544) Subversion's mod_dav_svn is vulnerable to memory corruption. (CVE-2022-24070) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-13T16:06:19", "type": "mageia", "title": "Updated subversion packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-13T16:06:19", "id": "MGASA-2022-0140", "href": "https://advisories.mageia.org/MGASA-2022-0140.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-06-14T15:18:45", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n\n## Packages\n\n * subversion \\- Advanced version control system\n\nEvgeny Kotkov discovered that subversion servers did not properly follow \npath-based authorization rules in certain cases. An attacker could \npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\u00dfschuh discovered that subversion servers did not properly handle \nmemory in certain configurations. A remote attacker could potentially use \nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-27T00:00:00", "type": "ubuntu", "title": "Subversion vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-05-27T00:00:00", "id": "USN-5450-1", "href": "https://ubuntu.com/security/notices/USN-5450-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-14T15:20:17", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * subversion \\- Advanced version control system\n\nEvgeny Kotkov discovered that Subversion servers did not properly follow \npath-based authorization rules in certain cases. An attacker could \npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\u00dfschuh discovered that Subversion servers did not properly handle \nmemory in certain configurations. A remote attacker could potentially use \nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T00:00:00", "type": "ubuntu", "title": "Subversion vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-12T00:00:00", "id": "USN-5372-1", "href": "https://ubuntu.com/security/notices/USN-5372-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "rosalinux": [{"lastseen": "2023-09-08T22:38:57", "description": "software: subversion 1.14.2\nOS: ROSA-CHROME\n\npackage_evr_string: subversion-1.14.2-1.src.rpm\n\nCVE-ID: CVE-2020-17525\nBDU-ID: 2022-00306\nCVE-Crit: MEDIUM\nCVE-DESC.: A vulnerability in the mod_authz_svn module of the Subversion centralized version control system is related to incorrect handling of requests for non-existent URLs. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service\nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update subversion\n\nCVE-ID: CVE-2021-28544\nBDU-ID: 2022-05773\nCVE-Crit: LOW\nCVE-DESC.: A vulnerability in the Subversion centralized version control system is related to improper authorization. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data\nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update subversion\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-08-15T09:37:11", "type": "rosalinux", "title": "Advisory ROSA-SA-2023-2216", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17525", "CVE-2021-28544"], "modified": "2023-08-15T09:37:11", "id": "ROSA-SA-2023-2216", "href": "https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2216", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2023-06-14T15:15:50", "description": "Updates of ['subversion'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0389", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-05-03T00:00:00", "id": "PHSA-2022-3.0-0389", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-389", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T18:33:33", "description": "Updates of ['subversion'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-03T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0389", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-05-03T00:00:00", "id": "PHSA-2022-0389", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-389", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-24T15:42:40", "description": "Updates of ['curl', 'subversion'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-04-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0470", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-22576", "CVE-2022-24070", "CVE-2022-27774"], "modified": "2022-04-29T00:00:00", "id": "PHSA-2022-0470", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-470", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2022-05-31T20:40:56", "description": "Updates of ['linux-aws', 'subversion', 'linux-secure', 'linux-rt', 'vim', 'linux-esx', 'linux'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-27T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0189", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1621", "CVE-2022-1629", "CVE-2022-21499", "CVE-2022-24070"], "modified": "2022-05-27T00:00:00", "id": "PHSA-2022-0189", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-189", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-24T12:53:38", "description": "Updates of ['linux-secure', 'subversion', 'linux-rt', 'linux', 'linux-aws', 'vim', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0189", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1621", "CVE-2022-1629", "CVE-2022-21499", "CVE-2022-24070"], "modified": "2022-05-27T00:00:00", "id": "PHSA-2022-4.0-0189", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-189", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-14T15:20:40", "description": "\n\nSubversion project reports:\n\n\n\t Subversion servers reveal 'copyfrom' paths that should be hidden according\n\t to configured path-based authorization (authz) rules. When a node has been\n\t copied from a protected location, users with access to the copy can see the\n\t 'copyfrom' path of the original. This also reveals the fact that the node\n\t was copied. Only the 'copyfrom' path is revealed; not its contents. Both\n\t httpd and svnserve servers are vulnerable.\n\t \n\n\n\n\t While looking up path-based authorization rules, mod_dav_svn servers\n\t may attempt to use memory which has already been freed.\n\t \n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T00:00:00", "type": "freebsd", "title": "Subversion -- Multiple vulnerabilities in server code", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-12T00:00:00", "id": "3A1DC8C8-BB27-11EC-98D1-D43D7EED0CE2", "href": "https://vuxml.freebsd.org/freebsd/3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2023-06-14T15:14:43", "description": "Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-15T01:17:37", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: subversion-1.14.2-5.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-15T01:17:37", "id": "FEDORA:1A1AC3021A53", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PZ4ARNGLMGYBKYDX2B7DRBNMF6EH3A6R/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-14T15:14:43", "description": "Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-15T01:36:38", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: subversion-1.14.2-5.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-07-15T01:36:38", "id": "FEDORA:4842C30687AF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YJPMCWCGWBN3QWCDVILWQWPC75RR67LT/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-06-18T15:00:09", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5119-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 13, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : subversion\nCVE ID : CVE-2021-28544 CVE-2022-24070\n\nSeveral vulnerabilities were discovered in Subversion, a version control\nsystem.\n\nCVE-2021-28544\n\n Evgeny Kotkov reported that Subversion servers reveal &#x27;copyfrom&#x27;\n paths that should be hidden according to configured path-based\n authorization (authz) rules.\n\nCVE-2022-24070\n\n Thomas Weissschuh reported that Subversion&#x27;s mod_dav_svn is prone to\n a use-after-free vulnerability when looking up path-based\n authorization rules, which can result in denial of service (crash of\n HTTPD worker handling the request).\n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 1.10.4-1+deb10u3.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.14.1-3+deb11u1.\n\nWe recommend that you upgrade your subversion packages.\n\nFor the detailed security status of subversion please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/subversion\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-13T04:21:54", "type": "debian", "title": "[SECURITY] [DSA 5119-1] subversion security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-24070"], "modified": "2022-04-13T04:21:54", "id": "DEBIAN:DSA-5119-1:7E87F", "href": "https://lists.debian.org/debian-security-announce/2022/msg00087.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "apple": [{"lastseen": "2023-08-26T22:43:08", "description": "# About the security content of macOS Monterey 12.5\n\nThis document describes the security content of macOS Monterey 12.5.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Monterey 12.5\n\nReleased July 20, 2022\n\n**AMD**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2022-42858: ABC Research s.r.o.\n\nEntry added May 11, 2023\n\n**APFS**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32832: Tommy Muir (@Muirey03)\n\n**AppleAVD**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause kernel code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2022-32788: Natalie Silvanovich of Google Project Zero\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access user-sensitive data\n\nDescription: This issue was addressed by enabling hardened runtime.\n\nCVE-2022-32880: Wojciech Regu\u0142a (@_r3ggi) of SecuRing, Mickey Jin (@patch1t) of Trend Micro, Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added September 16, 2022\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2022-42805: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32948: Mohamed Ghannam (@_simo36)\n\nEntry added November 9, 2022\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\n**Apple Neural Engine**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nEntry updated November 9, 2022\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\n\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**AppleScript**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\n**Archive Utility**\n\nAvailable for: macOS Monterey\n\nImpact: An archive may be able to bypass Gatekeeper\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32910: Ferdous Saljooki (@malwarezoo) of Jamf Software\n\nEntry added October 4, 2022\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32820: an anonymous researcher\n\n**Audio**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\n**Automation**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to bypass Privacy preferences\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Calendar**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: The issue was addressed with improved handling of caches.\n\nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**CoreMedia**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)\n\n**CoreText**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may cause an unexpected app termination or arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\n**File System Events**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32819: Joshua Mason of Mandiant\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: Multiple out-of-bounds write issues were addressed with improved bounds checking.\n\nCVE-2022-32793: an anonymous researcher\n\n**GPU Drivers**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\n**iCloud Photo Library**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2022-32849: Joshua Jones\n\n**ICU**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs &amp; DNSLab, Korea Univ.\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin (@patch1t)\n\nEntry added September 16, 2022\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted image may result in disclosure of process memory\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32841: hjy79425575\n\n**ImageIO**\n\nAvailable for: macOS Monterey\n\nImpact: Processing an image may lead to a denial-of-service\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption vulnerability was addressed with improved locking.\n\nCVE-2022-32811: ABC Research s.r.o\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.\n\n**JavaScriptCore**\n\nAvailable for: macOS Monterey\n\nImpact: Processing web content may lead to arbitrary code execution\n\nDescription: The issue was addressed with improved bounds checks.\n\nWebKit Bugzilla: 241931 \nCVE-2022-48503: Dongzhuo Zhao working with ADLab of Venustech, and ZhaoHai of Cyberpeace Tech Co., Ltd.\n\nEntry added June 21, 2023\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app with root privileges may be able to execute arbitrary code with kernel privileges\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32813: Xinru Chi of Pangu Lab\n\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32817: Xinru Chi of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32829: Tingting Yin of Tsinghua University, and Min Zheng of Ant Group\n\nEntry updated September 16, 2022\n\n**Liblouis**\n\nAvailable for: macOS Monterey\n\nImpact: An app may cause unexpected app termination or arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)\n\n**libxml2**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive user information\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2022-32823\n\n**Multi-Touch**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved checks.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**Multi-Touch**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: An issue in the handling of environment variables was addressed with improved validation.\n\nCVE-2022-32786: Mickey Jin (@patch1t)\n\n**PackageKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to modify protected parts of the file system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32800: Mickey Jin (@patch1t)\n\n**PluginKit**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\n**PS Normalizer**\n\nAvailable for: macOS Monterey\n\nImpact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2022-32843: Kai Lu of Zscaler's ThreatLabz\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds read issue was addressed with improved input validation.\n\nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain elevated privileges\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position may be able to leak sensitive information\n\nDescription: An out-of-bounds read issue was addressed with improved bounds checking.\n\nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\n**SMB**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to leak sensitive kernel state\n\nDescription: The issue was addressed with improved memory handling.\n\nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\n**Software Update**\n\nAvailable for: macOS Monterey\n\nImpact: A user in a privileged network position can track a user\u2019s activity\n\nDescription: This issue was addressed by using HTTPS when sending information over the network.\n\nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\n**Spindump**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to overwrite arbitrary files\n\nDescription: This issue was addressed with improved file handling.\n\nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Spotlight**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to gain root privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\n**subversion**\n\nAvailable for: macOS Monterey\n\nImpact: Multiple issues in subversion\n\nDescription: Multiple issues were addressed by updating subversion.\n\nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\n\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\n**TCC**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to access sensitive user information\n\nDescription: An access issue was addressed with improvements to the sandbox.\n\nCVE-2022-32834: Xuxiang Yang (@another1024) of Tencent Security Xuanwu Lab (xlab.tencent.com), Gordon Long, Thijs Alkemade (@xnyhps) of Computest Sector 7, Adam Chester from TrustedSec, Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nEntry updated September 16, 2022, updated May 11, 2023 \n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nWebKit Bugzilla: 241526 \nCVE-2022-32885: P1umer(@p1umer) and Q1IQ(@q1iqF)\n\nEntry added May 11, 2023\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: A user may be tracked through their IP address\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2022-32861: Matthias Keller (m-keller.com)\n\nEntry added September 16, 2022\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2022-32863: P1umer(@p1umer), afang5472(@afang5472), xmzyshypnc(@xmzyshypnc1)\n\nEntry added September 16, 2022, updated May 11, 2023 \n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Visiting a website that frames malicious content may lead to UI spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nWebKit Bugzilla: 239316 \nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs &amp; DNSLab, Korea Univ.\n\n**WebKit**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved input validation.\n\nWebKit Bugzilla: 240720 \nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative\n\n**WebRTC**\n\nAvailable for: macOS Monterey\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nWebKit Bugzilla: 242339 \nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2022-32860: Wang Yu of Cyberserval\n\nEntry added November 9, 2022\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to cause unexpected system termination or write kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32837: Wang Yu of Cyberserval\n\n**Wi-Fi**\n\nAvailable for: macOS Monterey\n\nImpact: A remote user may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2022-32847: Wang Yu of Cyberserval\n\n**Windows Server**\n\nAvailable for: macOS Monterey\n\nImpact: An app may be able to capture a user\u2019s screen\n\nDescription: A logic issue was addressed with improved checks.\n\nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Shin Sun of National Taiwan University for their assistance.\n\n**AppleMobileFileIntegrity**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**Calendar**\n\n****We would like to acknowledge Joshua Jones for their assistance.\n\n**configd**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**DiskArbitration**\n\nWe would like to acknowledge Mike Cush for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: June 21, 2023\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-07-20T00:00:00", "type": "apple", "title": "About the security content of macOS Monterey 12.5", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28544", "CVE-2022-2294", "CVE-2022-24070", "CVE-2022-26981", "CVE-2022-29046", "CVE-2022-29048", "CVE-2022-32785", "CVE-2022-32786", "CVE-2022-32787", "CVE-2022-32788", "CVE-2022-32789", "CVE-2022-32792", "CVE-2022-32793", "CVE-2022-32796", "CVE-2022-32797", "CVE-2022-32798", "CVE-2022-32799", "CVE-2022-32800", "CVE-2022-32801", "CVE-2022-32802", "CVE-2022-32805", "CVE-2022-32807", "CVE-2022-32810", "CVE-2022-32811", "CVE-2022-32812", "CVE-2022-32813", "CVE-2022-32814", "CVE-2022-32815", "CVE-2022-32816", "CVE-2022-32817", "CVE-2022-32818", "CVE-2022-32819", "CVE-2022-32820", "CVE-2022-32821", "CVE-2022-32823", "CVE-2022-32825", "CVE-2022-32826", "CVE-2022-32828", "CVE-2022-32829", "CVE-2022-32831", "CVE-2022-32832", "CVE-2022-32834", "CVE-2022-32837", "CVE-2022-32838", "CVE-2022-32839", "CVE-2022-32840", "CVE-2022-32841", "CVE-2022-32842", "CVE-2022-32843", "CVE-2022-32845", "CVE-2022-32847", "CVE-2022-32848", "CVE-2022-32849", "CVE-2022-32851", "CVE-2022-32852", "CVE-2022-32853", "CVE-2022-32857", "CVE-2022-32860", "CVE-2022-32861", "CVE-2022-32863", "CVE-2022-32880", "CVE-2022-32885", "CVE-2022-32910", "CVE-2022-32948", "CVE-2022-42805", "CVE-2022-42858", "CVE-2022-48503"], "modified": "2022-07-20T00:00:00", "id": "APPLE:71C798D0F46D1E956B1D27B4A004E9B9", "href": "https://support.apple.com/kb/HT213345", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}