Lucene search

[email protected]CVE-2008-4297

HistorySep 27, 2008 - 10:30 a.m.

CVE-2008-4297

2008-09-2710:30:03

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-4297

mercurial

security vulnerability

remote attack

file access

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an “hg pull” request.

Affected configurations

NVD

Node

mercurialmercurialRange≤1.0.1

CPENameOperatorVersion
mercurial:mercurialmercurialle1.0.1

CPE	Name	Operator	Version
mercurial:mercurial	mercurial	le	1.0.1

References

lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html

marc.info/?l=oss-security&m=122169840003798&w=2

secunia.com/advisories/32182

wiki.rpath.com/wiki/Advisories:rPSA-2008-0276

www.securityfocus.com/archive/1/496488/100/0/threaded

www.securityfocus.com/bid/31223

www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b

www.vupen.com/english/advisories/2008/2604

exchange.xforce.ibmcloud.com/vulnerabilities/45229

issues.rpath.com/browse/RPL-2753

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2008-4297

cvelist1 nvd1 ubuntucve1 prion1 nessus1 debiancve1