Description
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
Published: 2018-03-14
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-1331-1 mercurial security update
Debian DLA Debian DLA DLA-1414-1 mercurial security update
Debian DLA Debian DLA DLA-2293-1 mercurial security update
EUVD EUVD EUVD-2018-0094 Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
Github GHSA Github GHSA GHSA-4mr4-7vjv-9hm6 Mercurial Incorrect Access Control vulnerability
History

No history.

Subscriptions

Debian Debian Linux
Mercurial Mercurial
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T12:33:49.240Z

Reserved: 2018-03-14T00:00:00.000Z

Link: CVE-2018-1000132

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-14T13:29:00.407

Modified: 2024-11-21T03:39:45.083

Link: CVE-2018-1000132

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-03-08T00:00:00Z

Links: CVE-2018-1000132 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses