CWE-527: Exposure of CVS Repository to an Unauthorized Control Sphere
Weakness ID: 527
The product stores a CVS repository in a directory or other container that is accessible to actors outside of the intended control sphere.
Information contained within a CVS subdirectory on a web server or other server could be recovered by an attacker and used for malicious purposes. This information may include usernames, filenames, path root, and IP addresses.
Time of Introduction
Technical Impact: Read application
data; Read files or
Phases: Operation; Distribution; System Configuration
Recommendations include removing any CVS directories and repositories
from the production server, disabling the use of remote CVS
repositories, and ensuring that the latest CVS patches and version
updates have been performed.