CVE-2015-1613
RhodeCode Enterprise < 2.2.6 - Authenticated Sensitive Information Exposure via API Methods
Title source: llmDescription
RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://rhodecode.com/blog/rhodecode-enterprise-security-release/
Scores
EPSS
0.0095
EPSS Percentile
56.9%
Details
CWE
CWE-200
Status
published
Products (1)
rhodecode/rhodecode_enterprise
< 2.2.6
Published
Feb 16, 2015
Tracked Since
Feb 18, 2026