CVS Detected

Severity: Medium

Summary#

Invicti detected a CVS repository file.

Impact#

CVS repository files can disclose the CVS physical path, CVS name and CVS file list. While disclosures of this type do not provide chances of direct attack, they can be useful for an attacker when combined with other vulnerabilities or during the exploitation of some other vulnerabilities.

Remediation#

Do not leave CVS repository files on production environments. If there is a business requirement to do so, implement access control mechanisms to stop public access to CVS repository files.

Classifications#

OWASP 2013-A5, CAPEC-118, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, ISO27001-A.9.4.5, CWE-527, WASC-13, OWASP 2017-A6

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

CVS Detected

Related Articles

Build your resistance to threats. And save hundreds of hours each month.