Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-9462 — Incorrect Permission Assignment in Mercurial

CWE-732 — Incorrect Permission Assignment CWE-284 — Improper Access Control10 documents8 sources

Severity

8.8HIGHNVD

EPSS

48.7%

top 2.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mercurial Debian Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedJun 6

Latest updateJul 13

Description

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDmercurial/mercurial< 4.1.3

▶PyPImercurial/mercurial< 4.1.3

▶Debianmercurial/mercurial< 4.3.1-1+3

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

▶NVDredhat/enterprise_linux_desktop6.0, 7.0+1

Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

Mercurial has Incorrect Permission Assignment for Critical Resource↗2018-07-13

▶

OSV

Mercurial has Incorrect Permission Assignment for Critical Resource↗2018-07-13

▶

OSV

CVE-2017-9462: In Mercurial before 4↗2017-06-06

▶

CVEList

CVE-2017-9462: In Mercurial before 4↗2017-06-06

▶

💥Exploits & PoCs

Metasploit

Mercurial Custom hg-ssh Wrapper Remote Code Exec↗

▶

📋Vendor Advisories

Red Hat

mercurial: Python debugger accessible to authorized users↗2017-04-18

▶

Debian

CVE-2017-9462: mercurial - In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users ...↗2017

▶

💬Community

Bugzilla

CVE-2017-9462 mercurial: Python debugger accessible to authorized users↗2017-06-07

▶

Bugzilla

CVE-2017-9462 mercurial: Python debugger accessible to authorized users [fedora-all]↗2017-06-07

▶