{"id":"PYSEC-2015-33","details":"RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method.","aliases":["CVE-2015-1613"],"modified":"2023-11-08T03:57:50.200844Z","published":"2015-02-16T15:59:00Z","references":[{"type":"ARTICLE","url":"https://rhodecode.com/blog/rhodecode-enterprise-security-release/"}],"affected":[{"package":{"name":"rhodecode","ecosystem":"PyPI","purl":"pkg:pypi/rhodecode"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.7"}]}],"versions":["1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.6.0","1.6.0rc1","1.7.0","1.7.1","1.7.2","2.2.5","2.2.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/rhodecode/PYSEC-2015-33.yaml"}}],"schema_version":"1.7.3"}