CVE-2018-1000132 – mercurial

Package

Manager: pip
Name: mercurial
Vulnerable Version: >=0 <4.5.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00616 pctl0.68978

Details

Mercurial Incorrect Access Control vulnerability Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

Metadata

Created: 2022-05-13T01:24:55Z
Modified: 2024-09-24T21:28:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4mr4-7vjv-9hm6/GHSA-4mr4-7vjv-9hm6.json
CWE IDs: ["CWE-732"]
Alternative ID: GHSA-4mr4-7vjv-9hm6
Finding: F039
Auto approve: 1