CVE-2008-4297 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4297
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4297

Description: Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45229 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html SAID Secunia Advisory: SA32182 MLIST http://marc.info/?l=oss-security&m=122169840003798&w=2 CONFIRM http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/496488/100/0/threaded BID 31223

Return to the previous page.