Published: May 13, 2022
Source: github
GitHub: Reviewed
CVSS4: 7.1
CVSS3: 5.5
Description
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-0260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
- https://github.com/pypa/advisory-database/tree/main/vulns/kallithea/PYSEC-2015-29.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/rhodecode/PYSEC-2015-32.yaml
- https://kallithea-scm.org/repos/kallithea/changeset/5923d74742879b812965568475e21c3496d722a9
- https://kallithea-scm.org/security/cve-2015-0260.html
- https://rhodecode.com/blog/rhodecode-enterprise-security-release
- https://web.archive.org/web/20150321135511/http://www.securityfocus.com/bid/72573
- http://seclists.org/oss-sec/2015/q1/505
Packages
Name: RhodeCode (pip)
Affected versions: < 2.2.7
Fixed version: 2.2.7
Name: Kallithea (pip)
Affected versions: < 0.2
Fixed version: 0.2
Related vulnerabilities
nvd
almost 11 years ago
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
debian
almost 11 years ago
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated u ...