CVE-2016-3114

MEDIUM

Kallithea - Access Control

Description

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.

Scores

CVSS v3 6.5
EPSS 0.0016
EPSS Percentile 36.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-264
Status published

Affected Products (2)

kallithea/kallithea
n/a/n/a

Timeline

Published Apr 24, 2017
Tracked Since Feb 18, 2026