QwikSec

Security Database

CVE

CWE

Training

CVE-2018-1000132

Published: Mar 14, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180330 [SECURITY] [DLA 1331-1] mercurial security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update

mailing-list

x_refsource_MLIST

https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20200731 [SECURITY] [DLA 2293-1] mercurial security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.