Improper Access Restriction in Xcode Server Allows Information Disclosure

Improper Access Restriction in Xcode Server Allows Information Disclosure

CVE-2015-5909 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.

Learn more about our Cis Benchmark Audit For Server Software.