The product stores a CVS repository in a directory or other container that is accessible to actors outside of the intended control sphere.
Information contained within a CVS subdirectory on a web server or other server could be recovered by an attacker and used for malicious purposes. This information may include usernames, filenames, path root, and IP addresses.
cwe_Nature: ChildOf cwe_CWE_ID: 538 cwe_View_ID: 1000 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 538 cwe_View_ID: 699 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 552 cwe_View_ID: 1000
cwe_Nature: ChildOf cwe_CWE_ID: 552 cwe_View_ID: 699
|Confidentiality||['Read Application Data', 'Read Files or Directories']|
Recommendations include removing any CVS directories and repositories from the production server, disabling the use of remote CVS repositories, and ensuring that the latest CVS patches and version updates have been performed.