{"id":"PYSEC-2015-32","details":"RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.","aliases":["CVE-2015-0260","GHSA-hhx9-4vw2-x54r","PYSEC-2015-29"],"modified":"2024-04-29T16:26:40.882399Z","published":"2015-02-16T15:59:00Z","references":[{"type":"WEB","url":"https://kallithea-scm.org/security/cve-2015-0260.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/72573"},{"type":"WEB","url":"http://seclists.org/oss-sec/2015/q1/505"},{"type":"ARTICLE","url":"https://rhodecode.com/blog/rhodecode-enterprise-security-release/"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100888"}],"affected":[{"package":{"name":"rhodecode","ecosystem":"PyPI","purl":"pkg:pypi/rhodecode"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.7"}]}],"versions":["1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.6.0rc1","1.7.0","1.7.1","1.7.2","2.2.5","2.2.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/rhodecode/PYSEC-2015-32.yaml"}}],"schema_version":"1.7.3"}