|
|
CVE Reference: CVE-2008-4297 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-4297 |
|
|
Description: Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45229 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html SAID Secunia Advisory: SA32182 MLIST http://marc.info/?l=oss-security&m=122169840003798&w=2 CONFIRM http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/496488/100/0/threaded BID 31223 |
|
| Return to the previous page. |
