[email protected]CVE-2008-2942

HistoryJun 30, 2008 - 8:41 p.m.

CVE-2008-2942

2008-06-3020:41:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2942

directory traversal

mercurial

patch file

vulnerability

security flaw

6.3 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%

JSON

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via “…” (dot dot) sequences in a patch file.

CPENameOperatorVersion
mercurial:mercurialmercurialeq1.0.1

CPE	Name	Operator	Version
mercurial:mercurial	mercurial	eq	1.0.1

References

lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

secunia.com/advisories/31108

secunia.com/advisories/31110

secunia.com/advisories/31167

security.gentoo.org/glsa/glsa-200807-09.xml

wiki.rpath.com/Advisories:rPSA-2008-0211

www.openwall.com/lists/oss-security/2008/06/30/1

www.openwall.com/lists/oss-security/2008/07/01/1

www.securityfocus.com/archive/1/493881/100/0/threaded

www.securityfocus.com/bid/30072

www.selenic.com/hg/rev/87c704ac92d4

exchange.xforce.ibmcloud.com/vulnerabilities/43551

issues.rpath.com/browse/RPL-2633

6.3 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for CVE-2008-2942

seebug2 securityvulns2 prion1 cvelist1 gentoo1 nessus2 openvas2 osv1 debiancve1 ubuntucve1 github1