6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
7.5CVSS
7.5AI Score
0.002EPSS
6.1CVSS
5.8AI Score
0.001EPSS
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_...
5.9CVSS
5.5AI Score
0.001EPSS