CVE-2015-0260

Kallithea < 0.2 and RhodeCode < 2.2.7 - Authenticated Exposure of Sensitive Information via get_repo API

Title source: llm
STIX 2.1

Description

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.

References (5)

Core 5
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://kallithea-scm.org/security/cve-2015-0260.html
Patch, Vendor Advisory x_refsource_confirm
https://rhodecode.com/blog/rhodecode-enterprise-security-release/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72573
Exploit mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2015/q1/505

Scores

EPSS 0.0121
EPSS Percentile 64.7%

Details

CWE
CWE-200
Status published
Products (4)
kallithea-scm/kallithea 0.1
pypi/Kallithea 0 - 0.2PyPI
pypi/RhodeCode 0 - 2.2.7PyPI
rhodecode/rhodecode_enterprise < 2.2.6
Published Feb 16, 2015
Tracked Since Feb 18, 2026