Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-4297

Опубликовано: 27 сент. 2008
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:mercurial:mercurial:*:*:*:*:*:*:*:*
Версия до 1.0.1 (включая)

EPSS

Процентиль: 72%
0.00756
Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2008-4297

ubuntu
почти 17 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

redhat логотип

CVE-2008-4297

redhat
около 17 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

debian логотип

CVE-2008-4297

debian
почти 17 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setti ...

github логотип

GHSA-rw83-rp96-92cm

github
больше 3 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

EPSS

Процентиль: 72%
0.00756
Низкий

5 Medium

CVSS2

Дефекты

CWE-264