CVE-2015-0260

Published: Feb 16, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.

Affected (2)

Products: Kallithea Scm: Kallithea · Rhodecode: Rhodecode Enterprise

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Kallithea Scm Kallithea	Version 0.1
Rhodecode Rhodecode Enterprise	Up to 2.2.6

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://seclists.org/oss-sec/2015/q1/505

Source: secalert@redhat.com

Exploit

http://www.securityfocus.com/bid/72573

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/100888

Source: secalert@redhat.com

https://kallithea-scm.org/security/cve-2015-0260.html

Source: secalert@redhat.com

ExploitVendor Advisory

https://rhodecode.com/blog/rhodecode-enterprise-security-release/

Source: secalert@redhat.com

PatchVendor Advisory

http://seclists.org/oss-sec/2015/q1/505