Vulnerability Details CVE-2015-0260
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.3%
CVSS Severity
CVSS v2 Score 4.0
References
- http://seclists.org/oss-sec/2015/q1/505
- http://www.securityfocus.com/bid/72573
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
- https://kallithea-scm.org/security/cve-2015-0260.html
- https://rhodecode.com/blog/rhodecode-enterprise-security-release/
- http://seclists.org/oss-sec/2015/q1/505
- http://www.securityfocus.com/bid/72573
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
- https://kallithea-scm.org/security/cve-2015-0260.html
- https://rhodecode.com/blog/rhodecode-enterprise-security-release/
Products affected by CVE-2015-0260
-
cpe:2.3:a:kallithea-scm:kallithea:0.1
-
cpe:2.3:a:rhodecode:rhodecode_enterprise:2.2.6