Pagure Security Vulnerabilities and Issues — Pagure CVE List

Lucene search

RedhatPagure

5 matches found

CVE•added 2020/09/25 6:15 a.m.•152 views

CVE-2019-11556

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

6.1CVSS5.8AI score0.00587EPSS

CVE•added 2019/11/06 7:15 p.m.•62 views

CVE-2016-1000037

Pagure: XSS possible in file attachment endpoint

6.1CVSS5.9AI score0.00494EPSS

CVE•added 2019/02/08 3:29 a.m.•47 views

CVE-2019-7628

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_...

5.9CVSS5.5AI score0.00212EPSS

CVE•added 2017/09/14 1:29 p.m.•43 views

CVE-2017-1002151

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

7.5CVSS7.5AI score0.00282EPSS

CVE•added 2016/10/07 6:59 p.m.•33 views

CVE-2016-1000007

Pagure 2.2.1 XSS in raw file endpoint

6.1CVSS5.9AI score0.0024EPSS