
Advisory ROSA-SA-2021-1918

2021-07-02 17:29:24
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 High
Confidence: High

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.031 Low
Percentile: 91.0%

Software: mercurial 2.6.2
OS: Cobalt 7.9

CVE-ID: CVE-2014-9462
CVE-Crit: CRITICAL
CVE-DESC: The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via the created repository name in the clone command.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3105
CVE-Crit: HIGH
CVE-DESC: The convert extension in Mercurial before 3.8 could allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3630
CVE-Crit: HIGH
CVE-DESC: The binary delta decoder in Mercurial before version 3.7.3 allows remote attackers to execute arbitrary code using the (1) clone, (2) push, or (3) pull command, associated with (a) a list size rounding error and (b) short entries.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-17458
CVE-Crit: CRITICAL
CVE-DESC: In Mercurial before 4.4.1, it is possible that a specially mangled repository could cause nested Git repositories to run arbitrary code in the form of a .git/hooks/post-update script registered with the repository. Typical Mercurial usage prevents such repositories from being created, but they can be created programmatically.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-13348
CVE-Crit: HIGH
CVE-DESC: The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 incorrectly handles certain situations where there should be at least 12 bytes left after the current position in the patch data, but in fact there are none; also known as OVE-20180430-0001.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-17983
CVE-Crit: CRITICAL
CVE-DESC: cext/manifest.c in Mercurial before version 4.7.2 has out-of-bounds reads during parsing of an incorrect manifest entry.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-3902
CVE-Crit: MEDIUM
CVE-DESC: A bug was discovered in Mercurial before 4.9. It was possible to use symbolic links and sub-repositories to bypass Mercurial’s path validation logic and write files outside the repository.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-2306
CVE-Crit: MEDIUM
CVE-DESC: The lack of permission checking in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with General/Read permission to obtain a list of names of customized Mercurial installations.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-2305
CVE-Crit: MEDIUM
CVE-DESC: Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-STATUS: default
CVE-REV: default

OS     | Version | Architecture | Package   | Version | Filename
Cobalt | any     | noarch       | mercurial | < 2.6.2 | UNKNOWN
