CVE-2017-1002151 Information

Description

Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization

Vulnerability Type (CWE)

CWE-862

Published

2017-09-14

Last Modified

2019-10-16

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

7.5 HIGH

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

References

https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch (Patch,Vendor Advisory) https://pagure.io/pagure/pull-request/2426 (Vendor Advisory)