CVE-2015-1613

RhodeCode Enterprise < 2.2.6 - Authenticated Sensitive Information Exposure via API Methods

Title source: llm
STIX 2.1

Description

RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method.

References (1)

Core 1
Core References

Scores

EPSS 0.0095
EPSS Percentile 56.9%

Details

CWE
CWE-200
Status published
Products (1)
rhodecode/rhodecode_enterprise < 2.2.6
Published Feb 16, 2015
Tracked Since Feb 18, 2026