CVE-2018-1000132

Published: 3/14/2018 Last updated: 8/5/2024 Reserved: 3/14/2018

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-hg

Products affected (1)

Product	Vendor	Version
n/a	n/a	2.11.6 and earlier versions

References (10)

https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
https://access.redhat.com/errata/RHSA-2019:2276
https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
https://lists.debian.org/debian-lts-announce/2018/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
https://access.redhat.com/errata/RHSA-2019:2276
https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html