cve-2023-22456
Vulnerability from cvelistv5
Published
2023-01-03 18:29
Modified
2024-08-02 10:13
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version). ViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set's `revision.ezt` file references to those changed paths, and wrap them with `[format "html"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format "html"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)
References
security-advisories@github.comhttps://github.com/viewvc/viewvc/issues/311Issue Tracking, Third Party Advisory
security-advisories@github.comhttps://github.com/viewvc/viewvc/releases/tag/1.1.29Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/viewvc/viewvc/releases/tag/1.2.2Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5gThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/viewvc/viewvc/issues/311Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/viewvc/viewvc/releases/tag/1.1.29Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/viewvc/viewvc/releases/tag/1.2.2Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5gThird Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"
          },
          {
            "name": "https://github.com/viewvc/viewvc/issues/311",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/viewvc/viewvc/issues/311"
          },
          {
            "name": "https://github.com/viewvc/viewvc/releases/tag/1.1.29",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"
          },
          {
            "name": "https://github.com/viewvc/viewvc/releases/tag/1.2.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "viewvc",
          "vendor": "viewvc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1.29"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.2.0, \u003c 1.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version).\n\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set\u0027s `revision.ezt` file references to those changed paths, and wrap them with `[format \"html\"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format \"html\"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-03T18:29:51.262Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g"
        },
        {
          "name": "https://github.com/viewvc/viewvc/issues/311",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/viewvc/viewvc/issues/311"
        },
        {
          "name": "https://github.com/viewvc/viewvc/releases/tag/1.1.29",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/viewvc/viewvc/releases/tag/1.1.29"
        },
        {
          "name": "https://github.com/viewvc/viewvc/releases/tag/1.2.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/viewvc/viewvc/releases/tag/1.2.2"
        }
      ],
      "source": {
        "advisory": "GHSA-j4mx-f97j-gc5g",
        "discovery": "UNKNOWN"
      },
      "title": "ViewVC XSS vulnerability in revision view changed paths"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-22456",
    "datePublished": "2023-01-03T18:29:51.262Z",
    "dateReserved": "2022-12-29T03:00:40.878Z",
    "dateUpdated": "2024-08-02T10:13:48.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.1.29\", \"matchCriteriaId\": \"EB51E00C-7F8B-426A-80EF-C57BDE6DE88F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.2.0\", \"versionEndExcluding\": \"1.2.2\", \"matchCriteriaId\": \"227BB175-E196-488C-9E25-3F39111283E9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version).\\n\\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set\u0027s `revision.ezt` file references to those changed paths, and wrap them with `[format \\\"html\\\"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format \\\"html\\\"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)\"}, {\"lang\": \"es\", \"value\": \"ViewVC, una interfaz de navegador para repositorios de control de versiones de CVS y Subversion, es una vulnerabilidad de cross-site scripting que afecta a versiones anteriores a 1.2.2 y 1.1.29. El impacto de esta vulnerabilidad se ve mitigado por la necesidad de que un atacante tenga privilegios de confirmaci\\u00f3n en un repositorio de Subversion expuesto por una instancia de ViewVC que, de otro modo, ser\\u00eda de confianza. El vector de ataque implica archivos con nombres no seguros (nombres que, al incrustarse en una secuencia HTML, har\\u00edan que el navegador ejecutara c\\u00f3digo no deseado), que pueden ser dif\\u00edciles de crear. Los usuarios deben actualizar al menos a la versi\\u00f3n 1.2.2 (si est\\u00e1n usando una versi\\u00f3n 1.2.x de ViewVC) o 1.1.29 (si est\\u00e1n usando una versi\\u00f3n 1.1.x). ViewVC 1.0.x ya no es compatible, por lo que los usuarios de esa l\\u00ednea de versiones deben implementar un workaround. Los usuarios pueden editar sus plantillas de vista EZT de ViewVC para escapar manualmente mediante HTML las rutas modificadas durante la representaci\\u00f3n. Localice en el archivo `revision.ezt` de su conjunto de plantillas las referencias a esas rutas modificadas y enci\\u00e9rrelas con `[format \\\"html\\\"]` y `[end]`. Para la mayor\\u00eda de los usuarios, eso significa que las referencias a `[changes.path]` se convertir\\u00e1n en `[format \\\"html\\\"][changes.path][end]`. (Este workaround se debe revertir despu\\u00e9s de actualizar a una versi\\u00f3n parcheada de ViewVC, de lo contrario, los nombres de las rutas modificadas se escapar\\u00e1n dos veces).\"}]",
      "id": "CVE-2023-22456",
      "lastModified": "2024-11-21T07:44:50.567",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2023-01-03T19:15:10.483",
      "references": "[{\"url\": \"https://github.com/viewvc/viewvc/issues/311\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/viewvc/viewvc/releases/tag/1.1.29\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/viewvc/viewvc/releases/tag/1.2.2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/viewvc/viewvc/issues/311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/viewvc/viewvc/releases/tag/1.1.29\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/viewvc/viewvc/releases/tag/1.2.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-22456\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-03T19:15:10.483\",\"lastModified\":\"2024-11-21T07:44:50.567\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. Users should update to at least version 1.2.2 (if they are using a 1.2.x version of ViewVC) or 1.1.29 (if they are using a 1.1.x version).\\n\\nViewVC 1.0.x is no longer supported, so users of that release lineage should implement a workaround. Users can edit their ViewVC EZT view templates to manually HTML-escape changed paths during rendering. Locate in your template set\u0027s `revision.ezt` file references to those changed paths, and wrap them with `[format \\\"html\\\"]` and `[end]`. For most users, that means that references to `[changes.path]` will become `[format \\\"html\\\"][changes.path][end]`. (This workaround should be reverted after upgrading to a patched version of ViewVC, else changed path names will be doubly escaped.)\"},{\"lang\":\"es\",\"value\":\"ViewVC, una interfaz de navegador para repositorios de control de versiones de CVS y Subversion, es una vulnerabilidad de cross-site scripting que afecta a versiones anteriores a 1.2.2 y 1.1.29. El impacto de esta vulnerabilidad se ve mitigado por la necesidad de que un atacante tenga privilegios de confirmaci\u00f3n en un repositorio de Subversion expuesto por una instancia de ViewVC que, de otro modo, ser\u00eda de confianza. El vector de ataque implica archivos con nombres no seguros (nombres que, al incrustarse en una secuencia HTML, har\u00edan que el navegador ejecutara c\u00f3digo no deseado), que pueden ser dif\u00edciles de crear. Los usuarios deben actualizar al menos a la versi\u00f3n 1.2.2 (si est\u00e1n usando una versi\u00f3n 1.2.x de ViewVC) o 1.1.29 (si est\u00e1n usando una versi\u00f3n 1.1.x). ViewVC 1.0.x ya no es compatible, por lo que los usuarios de esa l\u00ednea de versiones deben implementar un workaround. Los usuarios pueden editar sus plantillas de vista EZT de ViewVC para escapar manualmente mediante HTML las rutas modificadas durante la representaci\u00f3n. Localice en el archivo `revision.ezt` de su conjunto de plantillas las referencias a esas rutas modificadas y enci\u00e9rrelas con `[format \\\"html\\\"]` y `[end]`. Para la mayor\u00eda de los usuarios, eso significa que las referencias a `[changes.path]` se convertir\u00e1n en `[format \\\"html\\\"][changes.path][end]`. (Este workaround se debe revertir despu\u00e9s de actualizar a una versi\u00f3n parcheada de ViewVC, de lo contrario, los nombres de las rutas modificadas se escapar\u00e1n dos veces).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.29\",\"matchCriteriaId\":\"EB51E00C-7F8B-426A-80EF-C57BDE6DE88F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:viewvc:viewvc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.0\",\"versionEndExcluding\":\"1.2.2\",\"matchCriteriaId\":\"227BB175-E196-488C-9E25-3F39111283E9\"}]}]}],\"references\":[{\"url\":\"https://github.com/viewvc/viewvc/issues/311\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/viewvc/viewvc/releases/tag/1.1.29\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/viewvc/viewvc/releases/tag/1.2.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/viewvc/viewvc/issues/311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/viewvc/viewvc/releases/tag/1.1.29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/viewvc/viewvc/releases/tag/1.2.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.