ViewVC Multiple Remote Information Disclosure Vulnerabilities

ViewVC Multiple Remote Information Disclosure Vulnerabilities

ViewVC is prone to multiple information-disclosure vulnerabilities because the application fails to properly validate user privileges.

An unprivileged attacker may exploit these issues to bypass certain security restrictions and gain access to perform certain actions that will disclose sensitive information.

These issues affect versions prior to ViewVC 1.0.5.