Lucene search

K
cve[email protected]CVE-2015-0260
HistoryFeb 16, 2015 - 3:59 p.m.

CVE-2015-0260

2015-02-1615:59:01
CWE-200
web.nvd.nist.gov
21
rhodecode
kallithea
api key
vulnerability
information security

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.7%

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.

Affected configurations

NVD
Node
kallithea-scmkallitheaMatch0.1
OR
rhodecoderhodecode_enterpriseRange2.2.6

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.7%