Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper...
7.5CVSS
7.5AI Score
0.002EPSS
6.1CVSS
5.8AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...
5.9CVSS
5.5AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS