CVE-2024-4982
- EPSS 0.18%
- Veröffentlicht 12.05.2025 19:15:48
- Zuletzt bearbeitet 07.08.2025 00:09:39
A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
CVE-2024-4981
- EPSS 0.07%
- Veröffentlicht 12.05.2025 18:55:08
- Zuletzt bearbeitet 07.08.2025 00:19:37
A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo.
CVE-2019-11556
- EPSS 0.59%
- Veröffentlicht 25.09.2020 06:15:13
- Zuletzt bearbeitet 21.11.2024 04:21:20
Pagure before 5.6 allows XSS via the templates/blame.html blame view.
CVE-2016-1000037
- EPSS 0.49%
- Veröffentlicht 06.11.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 02:42:51
Pagure: XSS possible in file attachment endpoint
CVE-2019-7628
- EPSS 0.21%
- Veröffentlicht 08.02.2019 03:29:00
- Zuletzt bearbeitet 21.11.2024 04:48:25
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API...
CVE-2017-1002151
- EPSS 0.28%
- Veröffentlicht 14.09.2017 13:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
CVE-2016-1000007
- EPSS 0.24%
- Veröffentlicht 07.10.2016 18:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
Pagure 2.2.1 XSS in raw file endpoint