Vulnerability Details CVE-2015-0853
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
References
- http://pysvn.tigris.org/issues/show_bug.cgi?id=202
- http://www.openwall.com/lists/oss-security/2015/09/13/3
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798863
- https://bugs.launchpad.net/ubuntu/+source/svn-workbench/+bug/1495268
- https://bugzilla.redhat.com/show_bug.cgi?id=1262928
- http://pysvn.tigris.org/issues/show_bug.cgi?id=202
- http://www.openwall.com/lists/oss-security/2015/09/13/3
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798863
- https://bugs.launchpad.net/ubuntu/+source/svn-workbench/+bug/1495268
- https://bugzilla.redhat.com/show_bug.cgi?id=1262928
Products affected by CVE-2015-0853
-
cpe:2.3:a:pysvn_project:svn-workbench:1.6.2