CVE-2015-0260
Published 2015-02-16
CVE-2015-0260: RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
Priority P417 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 1.21% (64.5th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kallithea-scm | kallithea | — | — |
| kallithea-scm | kallithea | >= 0 < 0.2 | 0.2 |
| rhodecode | rhodecode_enterprise | <= 2.2.6 | — |
| rhodecode | rhodecode_enterprise | >= 0 < 2.2.7 | 2.2.7 |
OSV
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
osv·2022-05-13
CVE-2015-0260 [HIGH] RhodeCode and Kallithea are vulnerable to sensitive information disclosure
GHSA
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
ghsa·2022-05-13
CVE-2015-0260 [HIGH] CWE-200 RhodeCode and Kallithea are vulnerable to sensitive information disclosure
OSV
CVE-2015-0260: RhodeCode before 2
osv·2015-02-16
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/oss-sec/2015/q1/505
http://www.securityfocus.com/bid/72573
https://exchange.xforce.ibmcloud.com/vulnerabilities/100888
https://kallithea-scm.org/security/cve-2015-0260.html
https://rhodecode.com/blog/rhodecode-enterprise-security-release/