Andrew Shadura

**Name of the Vulnerable Software and Affected Versions** Kallithea versions prior to 0.2 **Description** A cross-site request forgery (CSRF) issue exists. This allows an attacker to perform unintended actions on a user's account. **Recommendations** For versions prior to 0.2, update to version 0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kallithea versions prior to 0.3.2 **Description** The issue allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access. **Recommendations** For versions prior to 0.3.2, update to version 0.3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kallithea versions prior to 0.3.2 **Description** The issue allows remote attackers to bypass CSRF protection by utilizing the GET HTTP request method. **Recommendations** For versions prior to 0.3.2, update to version 0.3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RhodeCode versions prior to 2.2.7 Kallithea version 0.1 **Description** The issue allows remote authenticated users to obtain sensitive information, including API keys, by utilizing the "get repo" API method. **Recommendations** For RhodeCode versions prior to 2.2.7, update to version 2.2.7 or later. For Kallithea version 0.1, there is no information about a newer version that contains a fix for this issue.