CollabNet Subversion Edge tail local file inclusion Jun 28 2015 06:44PM
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "fileName" parameter of the "tail" action
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Local file inclusion
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0


2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response
2014-12-08 Vendor fix proposal
2014-12-08 Extension of embargo to 19.4.2015
2015-05-04 Extension of embargo until release of version 5.0
2015-05-18 Release of version 5.0 and public disclosure


The CollabNet Subversion Edge Management Frontend allows authenticated admins to
read arbitrary local files via the logfile "fileName" parameter of the "tail" action.


Sample URL:

Fix proposal:

Remove the feature, or sanitize the fileName parameter so that no path traversal or
arbitrary file inclusion is possible.

Vendor fix:

[...] now allow only showing hooks/logs within the intended directories.
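The fix proposal and the vendor's fix both come down to the same control: the "tail" action must only ever open files that live inside the intended hooks/logs directories. The following is an added example of that containment check, written for this advisory and not taken from CollabNet or the Subversion Edge code base (which is Groovy/Grails; the example is Python for brevity). The directory layout, file names and the `LOG_DIR_NAME` constant are constructed for the demonstration. The key point is that the check is done on the canonical, symlink-resolved path, not on the string the client sent, so `..` segments, absolute paths and symlinks pointing outside the directory are all rejected by the same comparison.

```python
import os
import shutil
import tempfile
from pathlib import Path

LOG_DIR_NAME = "logs"  # hypothetical: the only directory the tail action may read from


def resolve_log_path(base_dir: str, file_name: str) -> Path:
    """Map an untrusted fileName parameter to a regular file strictly inside base_dir.

    Raises ValueError when the request would escape base_dir via "..", an absolute
    path or a symlink, or when the target is not a regular file.
    """
    base = Path(base_dir).resolve()
    # Only a relative name makes sense for this feature; reject anything else outright.
    if not file_name or "\x00" in file_name or os.path.isabs(file_name):
        raise ValueError("invalid fileName")
    # resolve() collapses ".." and follows symlinks, giving the path that would really be opened.
    candidate = (base / file_name).resolve()
    # Containment is decided on the canonical path, never on the client-supplied string.
    if candidate != base and base not in candidate.parents:
        raise ValueError("fileName escapes the log directory")
    if not candidate.is_file():
        raise ValueError("not a regular file")
    return candidate


def tail(base_dir: str, file_name: str, lines: int = 10) -> list:
    """Return the last `lines` lines of an allowed log file."""
    path = resolve_log_path(base_dir, file_name)
    with path.open("r", encoding="utf-8", errors="replace") as fh:
        return fh.readlines()[-lines:]


def demo() -> dict:
    """Build a constructed directory layout in a temp dir and exercise the check.

    Layout (constructed):
      <root>/logs/app.log     -- legitimate log file
      <root>/logs/escape      -- symlink pointing outside the log directory
      <root>/secret.txt       -- file that must never be readable through tail()
    """
    root = Path(tempfile.mkdtemp())
    try:
        logs = root / LOG_DIR_NAME
        logs.mkdir()
        (logs / "app.log").write_text("".join(f"line {i}\n" for i in range(1, 21)))
        (root / "secret.txt").write_text("outside the log directory\n")
        (logs / "escape").symlink_to(root / "secret.txt")

        results = {"ok": tail(str(logs), "app.log", lines=3)}
        cases = {
            "traversal": "../secret.txt",          # ".." climbs out of logs/
            "absolute": str(root / "secret.txt"),  # absolute path ignores base_dir
            "symlink": "escape",                   # name inside logs/, target outside
            "missing": "missing.log",              # inside logs/, but does not exist
        }
        for label, name in cases.items():
            try:
                tail(str(logs), name)
                results[label] = "allowed"
            except ValueError as exc:
                results[label] = str(exc)
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

Note that the symlink case is the one a naive `".." not in file_name` filter misses entirely: the name is perfectly clean, but the file actually opened lives outside the directory. Resolving first and comparing afterwards closes that gap along with the plain traversal case.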

Copyright 2010, SecurityFocus