Lucene search
Ubuntu.comUB:CVE-2008-4297HistorySep 27, 2008 - 12:00 a.m.
CVE-2008-4297
2008-09-2700:00:00
ubuntu.com
ubuntu.com
8
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
Mercurial before 1.0.2 does not enforce the allowpull permission setting
for a pull operation from hgweb, which allows remote attackers to read
arbitrary files from a repository via an “hg pull” request.
Notes
| Author | Note |
|---|---|
| kees | only part of the examples |
Related
cve
cve
CVE-2008-4297
2008-09-27 10:30:03
cvelist
cvelist
CVE-2008-4297
2008-09-27 00:00:00
nvd
nvd
CVE-2008-4297
2008-09-27 10:30:03
nessus
nessus
openSUSE Security Update : mercurial (mercurial-230)
2009-07-21 00:00:00
debiancve
debiancve
CVE-2008-4297
2008-09-27 10:30:03
prion
prion
Design/Logic Flaw
2008-09-27 10:30:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
Related for UB:CVE-2008-4297