Veracode Vulnerability Database: VERACODE:46699
History: Apr 30, 2024 - 11:33 a.m.

Sensitive Information Exposure

2024-04-30 11:33:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
sensitive information exposure
admin authentication
remote access
api keys
software vulnerability

CVSS2: 4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score: 6.9 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 64.8%)

RhodeCode and Kallithea are vulnerable to Sensitive Information Exposure. The vulnerability is due to a lack of admin authentication, which allows remote users to obtain API keys and other sensitive information via the get_repo API method.
