Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oaHg5LTR2dzIteDU0cs4AAQeY
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
RhodeCode before 2.2.7 and Kallithea 0.1 allow remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
Permalink: https://github.com/advisories/GHSA-hhx9-4vw2-x54r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oaHg5LTR2dzIteDU0cs4AAQeY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 20 days ago
Identifiers: GHSA-hhx9-4vw2-x54r, CVE-2015-0260
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-0260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
- https://kallithea-scm.org/security/cve-2015-0260.html
- http://seclists.org/oss-sec/2015/q1/505
- https://rhodecode.com/blog/rhodecode-enterprise-security-release
- https://web.archive.org/web/20150321135511/http://www.securityfocus.com/bid/72573
- https://github.com/advisories/GHSA-hhx9-4vw2-x54r
Affected Packages
pypi:Kallithea
Dependent packages: 0
Dependent repositories: 6
Downloads: 209 last month
Affected Version Ranges: < 0.1
Fixed in: 0.1
All affected versions:
All unaffected versions: 0.2.1, 0.2.2, 0.2.9, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.7.0
pypi:RhodeCode
Dependent packages: 0
Dependent repositories: 1
Downloads: 146 last month
Affected Version Ranges: < 2.2.7
Fixed in: 2.2.7
All affected versions: 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 2.2.5, 2.2.6
All unaffected versions: