CVE-2015-0260

Опубликовано: 16 фев. 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.

Ссылки

http://seclists.org/oss-sec/2015/q1/505
Exploit
http://www.securityfocus.com/bid/72573
https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
https://kallithea-scm.org/security/cve-2015-0260.html
Exploit
Vendor Advisory
https://rhodecode.com/blog/rhodecode-enterprise-security-release/
Patch
Vendor Advisory
http://seclists.org/oss-sec/2015/q1/505
Exploit
http://www.securityfocus.com/bid/72573
https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
https://kallithea-scm.org/security/cve-2015-0260.html
Exploit
Vendor Advisory
https://rhodecode.com/blog/rhodecode-enterprise-security-release/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kallithea-scm:kallithea:0.1:*:*:*:*:*:*:*

cpe:2.3:a:rhodecode:rhodecode_enterprise:*:*:*:*:*:*:*:*

Версия до 2.2.6 (включая)

EPSS

Процентиль: 49%

0.0026

Низкий

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-0260

debian

почти 11 лет назад

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated u ...

GHSA-hhx9-4vw2-x54r

CVSS3: 5.5

github

больше 3 лет назад

RhodeCode and Kallithea are vulnerable to sensitive information disclosure