{"id":"PYSEC-2015-29","details":"RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.","aliases":["CVE-2015-0260","GHSA-hhx9-4vw2-x54r","PYSEC-2015-32"],"modified":"2026-06-10T17:01:22.267266347Z","published":"2015-02-16T15:59:00Z","references":[{"type":"WEB","url":"https://kallithea-scm.org/security/cve-2015-0260.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/72573"},{"type":"WEB","url":"http://seclists.org/oss-sec/2015/q1/505"},{"type":"ARTICLE","url":"https://rhodecode.com/blog/rhodecode-enterprise-security-release/"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100888"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hhx9-4vw2-x54r"}],"affected":[{"package":{"name":"kallithea","ecosystem":"PyPI","purl":"pkg:pypi/kallithea"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2"}]}],"versions":["0.0","0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/kallithea/PYSEC-2015-29.yaml"}}],"schema_version":"1.7.5"}