Incorrect Permission Assignment for Critical Resource in mercurial

Do your applications use this vulnerable package? Test your applications

Overview

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

References

CONFIRM
CVE Details
Debian Security Announcement
Debian Security Announcement
Debian Security Tracker
MLIST
RHSA Security Advisory
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

None

CVE: CVE-2018-1000132
CWE: CWE-732
Snyk ID: SNYK-DEBIAN8-MERCURIAL-311112
Disclosed: 14 Mar, 2018
Published: 14 Mar, 2018

Incorrect Permission Assignment for Critical Resource
Affecting mercurial package, versions <3.1.2-2+deb8u5

Overview

References

CVSS Score

Incorrect Permission Assignment for Critical Resource Affecting mercurial package, versions <3.1.2-2+deb8u5

Overview

References

Incorrect Permission Assignment for Critical Resource
Affecting mercurial package, versions <3.1.2-2+deb8u5