File Access Vulnerability in Mercurial by Edgewall Software
CVE-2008-4297

Currently unrated

Key Information:

Vendor

Mercurial

Status
Mercurial
Vendor
CVE Published:
27 September 2008

What is CVE-2008-4297?

An issue in Mercurial prior to version 1.0.2 allows attackers to exploit the hgweb interface to access and read arbitrary files from the repository. This occurs due to a failure to enforce the 'allowpull' permission setting during pull operations, which leaves sensitive data exposed to unauthorized users. Attackers can issue an 'hg pull' request to retrieve files that should otherwise be restricted, making this vulnerability a serious concern for repository security and data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276
x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-2753
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/2604
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.