RhodeCode and Kallithea are vulnerable to sensitive information disclosure
Moderate severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Apr 29, 2024
Description
Published by the National Vulnerability Database
Feb 16, 2015
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Apr 29, 2024
Last updated
Apr 29, 2024
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
References