CVE-2015-0260 – kallithea
Package
Manager: pip
Name: kallithea
Vulnerable Version: >=0 <0.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0026 (percentile: 0.49139)
Details
RhodeCode and Kallithea are vulnerable to sensitive information disclosure. RhodeCode before 2.2.7 and Kallithea 0.1 allow remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
Metadata
Created: 2022-05-13T01:26:14Z
Modified: 2024-09-24T20:47:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hhx9-4vw2-x54r/GHSA-hhx9-4vw2-x54r.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-hhx9-4vw2-x54r
Finding: F038
Auto approve: 1