2 matches found
Fedora 29 : pagure (2019-4e72b179e4)
Update to Pagure 5.3, which includes the fix for CVE-2019-7628. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2019-7628
Pagure 5.2 leaks API keys by emailing them to users due to a TLS-trusting CS mail path and insecure API token expiration reminder cron job in files/api_key_expire_mail.py. The issue enables MITM reading of emails and potential account compromise, with the root cause identified as the API key expi...