PT-2018-1893 · Mercurial+4 · Mercurial+4

Publicado

2018-03-14

Atualizado

2024-06-15

CVE-2018-1000132

CVSS v4.0

9.3

Crítica

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Mercurial versions prior to 4.5.1

Description The issue is related to incorrect access control in the protocol server, which can lead to unauthorized data access. This can be exploited via network connectivity, potentially allowing a remote attacker to compromise data confidentiality and integrity.

Recommendations For Mercurial versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting network connectivity to the protocol server until the update can be applied.

Correção

Incorrect Permission

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732CWE-284

Identificadores relacionados

ALT-PU-2018-2508

BDU:2018-01497

CESA-2019_2276

CVE-2018-1000132

DLA-1331-1

DLA-1414-1

DLA-2293-1

GHSA-4MR4-7VJV-9HM6

MGASA-2018-0355

OPENSUSE-SU-2024:10586-1

PYSEC-2018-87

RHSA-2019:2276

RHSA-2019_2276

SUSE-SU-2018:0933-1

SUSE-SU-2018_0933-1

Produtos afetados

Alt Linux

Centos

Mercurial

Red Hat

Suse

PT-2018-1893 · Mercurial+4 · Mercurial+4

CVE-2018-1000132

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40