exploitDog

CVE-2008-4297

Опубликовано: 13 авг. 2008

Источник: redhat

EPSS Низкий

Описание

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=464631mercurial: missing allowpull permission check in hgweb

EPSS

Процентиль: 72%

0.00756

Низкий

Связанные уязвимости

CVE-2008-4297

ubuntu

почти 17 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

CVE-2008-4297

nvd

почти 17 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

CVE-2008-4297

debian

почти 17 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setti ...

GHSA-rw83-rp96-92cm

github

больше 3 лет назад

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

EPSS

Процентиль: 72%

0.00756

Низкий