CVE-2017-1002151Improper Authorization in Project Pagure

CWE-285Improper AuthorizationCWE-862Missing Authorization7 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 48.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pagure Project PagureRedhat Pagure
Timeline
PublishedSep 14
Latest updateMay 13

Description

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5pagure_project/pagureunspecified3.3.0
NVDredhat/pagure3.3

Patches

Patch: pagure.ioPatch: pagure.io

🔴Vulnerability Details

2
GHSA
GHSA-m5c9-mwvj-33fc: Pagure 32022-05-13
CVEList
CVE-2017-1002151: Pagure 32017-09-14

📋Vendor Advisories

1
Debian
CVE-2017-1002151: pagure - Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper...2017

💬Community

3
Bugzilla
CVE-2017-1002151 pagure: Private repositories accessible through ssh [fedora-all]2017-07-24
Bugzilla
CVE-2017-1002151 pagure: Private repositories accessible through ssh2017-07-24
Bugzilla
CVE-2017-1002151 pagure: Private repositories accessible through ssh [epel-7]2017-07-24