Lucene search

Pagure Security Vulnerabilities - July

cve

CVE-2016-1000007

Pagure 2.2.1 XSS in raw file endpoint

6.1CVSS

5.9AI Score

0.001EPSS

2016-10-07 06:59 PM

cve

CVE-2016-1000037

Pagure: XSS possible in file attachment endpoint

6.1CVSS

5.9AI Score

0.001EPSS

2019-11-06 07:15 PM

cve

CVE-2017-1002151

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

7.5CVSS

7.5AI Score

0.002EPSS

2017-09-14 01:29 PM

cve

CVE-2019-11556

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

6.1CVSS

5.8AI Score

0.001EPSS

2020-09-25 06:15 AM

140

cve

CVE-2019-7628

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_...

5.9CVSS

5.5AI Score

0.001EPSS

2019-02-08 03:29 AM