Vulnerability Description
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mercurial | Mercurial | < 4.5.1 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:2276
- https://lists.debian.org/debian-lts-announce/2018/03/msg00034.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00005.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03Release NotesVendor Advisory
- https://access.redhat.com/errata/RHSA-2019:2276
- https://lists.debian.org/debian-lts-announce/2018/03/msg00034.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/07/msg00005.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/07/msg00032.html
- https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03Release NotesVendor Advisory
FAQ
What is CVE-2018-1000132?
CVE-2018-1000132 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via n...
How severe is CVE-2018-1000132?
CVE-2018-1000132 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000132?
Check the references section above for vendor advisories and patch information. Affected products include: Mercurial Mercurial, Debian Debian Linux.