Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000132

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

Published

2018-03-14T13:29:00.407

Last Modified

2024-11-21T03:39:45.083

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-732
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application mercurial mercurial < 4.5.1 Yes
Operating System debian debian_linux 7.0 Yes
Operating System debian debian_linux 8.0 Yes
References