PT-2008-5558 · Mercurial · Mercurial
Josh Bressers
·
Published
2008-09-27
·
Updated
2018-10-11
·
CVE-2008-4297
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Mercurial versions prior to 1.0.2
Description:
The issue concerns the enforcement of the allowpull permission setting for a pull operation from hgweb. It allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
Recommendations:
For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mercurial