UBUNTU-CVE-2020-5283

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-5283

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-5283.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-5283

Related

CVE-2020-5283

Published

2020-04-03T00:15:00Z

Modified

2025-01-13T10:22:09Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the show_subdir_lastmod feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28.

References

Affected packages

Ubuntu:Pro:16.04:LTS / viewvc

Package

Name: viewvc
Purl: pkg:deb/ubuntu/viewvc@1.1.22-1+deb8u1build0.16.04.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.22-1

1.1.22-1+deb8u1build0.16.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / viewvc

Package

Name: viewvc
Purl: pkg:deb/ubuntu/viewvc@1.1.26-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.26-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}