The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

What CVEs are caused by CWE-527?

2 recorded CVEs are attributed to CWE-527, including CVE-2021-21423, CVE-2022-20931.

How do you prevent CWE-527?

Recommendations include removing any CVS directories and repositories from the production server, disabling the use of remote CVS repositories, and ensuring that the latest CVS patches and version updates have been performed.

What are the consequences of CWE-527?

Exploiting CWE-527 can lead to: Read Application Data, Read Files or Directories.

Is CWE-527 actively exploited?

2 recorded CVEs are caused by CWE-527; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere

When it is introduced

Typically introduced during these phases of the software lifecycle.

Operation

Applies to

Technologies

Web Based

CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere

When it is introduced

Applies to

CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Frequently asked questions

What is CWE-527?

What CVEs are caused by CWE-527?

How do you prevent CWE-527?

What are the consequences of CWE-527?

Is CWE-527 actively exploited?

References

Stay ahead of CWE-527

When it is introduced

Applies to

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Related weaknesses

Parent

Frequently asked questions

What is CWE-527?

What CVEs are caused by CWE-527?

How do you prevent CWE-527?

What are the consequences of CWE-527?

Is CWE-527 actively exploited?

References

Stay ahead of CWE-527