CVE-2015-0260
Kallithea < 0.2 and RhodeCode < 2.2.7 - Authenticated Exposure of Sensitive Information via get_repo API
Title source: llmDescription
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
References (5)
Core 5
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://kallithea-scm.org/security/cve-2015-0260.html
Patch, Vendor Advisory x_refsource_confirm
https://rhodecode.com/blog/rhodecode-enterprise-security-release/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72573
Exploit mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2015/q1/505
Scores
EPSS
0.0121
EPSS Percentile
64.7%
Details
CWE
CWE-200
Status
published
Products (4)
kallithea-scm/kallithea
0.1
pypi/Kallithea
0 - 0.2PyPI
pypi/RhodeCode
0 - 2.2.7PyPI
rhodecode/rhodecode_enterprise
< 2.2.6
Published
Feb 16, 2015
Tracked Since
Feb 18, 2026