
    14 vulnerabilities found for pagure by redhat

    CVE-2024-4982 (GCVE-0-2024-4982)

    Vulnerability from nvd – Published: 2025-05-12 19:01 – Updated: 2025-05-12 19:16
    VLAI
    Title
    Pagure: path traversal in view_issue_raw_file()
    Summary
    A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository, they could discover secrets on the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 5.14.1 (semver)
    Date Public
    2024-05-06 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T19:16:16.496352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T19:16:28.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pagure.io/pagure",
              "defaultStatus": "unaffected",
              "packageName": "pagure",
              "versions": [
                {
                  "lessThan": "5.14.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T19:01:45.824Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4982"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279411"
            },
            {
              "name": "RHBZ#2280726",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280726"
            },
            {
              "url": "https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pagure: path traversal in view_issue_raw_file()",
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2024-4982",
        "datePublished": "2025-05-12T19:01:45.824Z",
        "dateReserved": "2024-05-15T22:54:26.023Z",
        "dateUpdated": "2025-05-12T19:16:28.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4981 (GCVE-0-2024-4981)

    Vulnerability from nvd – Published: 2025-05-12 18:55 – Updated: 2025-05-12 19:05
    VLAI
    Title
    Pagure: _update_file_in_git() follows symbolic links in temporary clones
    Summary
    A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 5.14.1 (semver)
    Date Public
    2024-05-03 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T19:04:15.136644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T19:05:43.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pagure.io/pagure",
              "defaultStatus": "unaffected",
              "packageName": "pagure",
              "versions": [
                {
                  "lessThan": "5.14.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T18:59:13.483Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4981"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278745"
            },
            {
              "name": "RHBZ#2280723",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280723"
            },
            {
              "url": "https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pagure: _update_file_in_git() follows symbolic links in temporary clones",
          "x_redhatCweChain": "CWE-552: Files or Directories Accessible to External Parties"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2024-4981",
        "datePublished": "2025-05-12T18:55:08.744Z",
        "dateReserved": "2024-05-15T22:44:08.761Z",
        "dateUpdated": "2025-05-12T19:05:43.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11556 (GCVE-0-2019-11556)

    Vulnerability from nvd – Published: 2020-09-25 05:56 – Updated: 2024-08-04 22:55
    VLAI
    Summary
    Pagure before 5.6 allows XSS via the templates/blame.html blame view.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:55:40.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/commits/master"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.pagure.org/pagure/changelog.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618"
              },
              {
                "name": "openSUSE-SU-2020:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"
              },
              {
                "name": "openSUSE-SU-2020:1810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure before 5.6 allows XSS via the templates/blame.html blame view."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-01T21:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/commits/master"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.pagure.org/pagure/changelog.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618"
            },
            {
              "name": "openSUSE-SU-2020:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"
            },
            {
              "name": "openSUSE-SU-2020:1810",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure before 5.6 allows XSS via the templates/blame.html blame view."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/commits/master",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/commits/master"
                },
                {
                  "name": "https://docs.pagure.org/pagure/changelog.html",
                  "refsource": "CONFIRM",
                  "url": "https://docs.pagure.org/pagure/changelog.html"
                },
                {
                  "name": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618",
                  "refsource": "CONFIRM",
                  "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618"
                },
                {
                  "name": "openSUSE-SU-2020:1765",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"
                },
                {
                  "name": "openSUSE-SU-2020:1810",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11556",
        "datePublished": "2020-09-25T05:56:42.000Z",
        "dateReserved": "2019-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:55:40.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1000037 (GCVE-0-2016-1000037)

    Vulnerability from nvd – Published: 2019-11-06 18:27 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    Pagure: XSS possible in file attachment endpoint
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure: XSS possible in file attachment endpoint"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T18:27:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-1000037",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure: XSS possible in file attachment endpoint"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json",
                  "refsource": "MISC",
                  "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000037",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000037"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037"
                },
                {
                  "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/",
                  "refsource": "MISC",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-1000037",
        "datePublished": "2019-11-06T18:27:55.000Z",
        "dateReserved": "2016-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7628 (GCVE-0-2019-7628)

    Vulnerability from nvd – Published: 2019-02-08 03:00 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-02-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/pull-request/4254"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/issue/4230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/issue/4252"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/issue/4253"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-08T03:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/pull-request/4254"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/issue/4230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/issue/4252"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/issue/4253"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-7628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"
                },
                {
                  "name": "https://pagure.io/pagure/pull-request/4254",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/pull-request/4254"
                },
                {
                  "name": "https://pagure.io/pagure/issue/4230",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/issue/4230"
                },
                {
                  "name": "https://pagure.io/pagure/issue/4252",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/issue/4252"
                },
                {
                  "name": "https://pagure.io/pagure/issue/4253",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/issue/4253"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-7628",
        "datePublished": "2019-02-08T03:00:00.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1002151 (GCVE-0-2017-1002151)

    Vulnerability from nvd – Published: 2017-09-14 13:00 – Updated: 2024-09-17 02:36
    Summary
    Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Pagure Project Pagure Affected: unspecified , < 3.3.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:08:11.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/pull-request/2426"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pagure",
              "vendor": "Pagure Project",
              "versions": [
                {
                  "lessThan": "3.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2017-07-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-14T13:00:00.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/pull-request/2426"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "DATE_ASSIGNED": "2017-07-22T15:12Z",
              "ID": "CVE-2017-1002151",
              "REQUESTER": "pingou@pingoured.fr",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pagure",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pagure Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/pull-request/2426",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/pull-request/2426"
                },
                {
                  "name": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2017-1002151",
        "datePublished": "2017-09-14T13:00:00.000Z",
        "dateReserved": "2017-09-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:30.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1000007 (GCVE-0-2016-1000007)

    Vulnerability from nvd – Published: 2016-10-07 18:00 – Updated: 2024-08-06 03:47
    Summary
    Pagure 2.2.1 XSS in raw file endpoint
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-07-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure 2.2.1 XSS in raw file endpoint"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-07T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-1000007",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure 2.2.1 XSS in raw file endpoint"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-1000007",
        "datePublished": "2016-10-07T18:00:00.000Z",
        "dateReserved": "2016-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4982 (GCVE-0-2024-4982)

    Vulnerability from cvelistv5 – Published: 2025-05-12 19:01 – Updated: 2025-05-12 19:16
    Title
    Pagure: path traversal in view_issue_raw_file()
    Summary
    A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially crafted git repository they could discover secrets on the server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 5.14.1 (semver)
    Date Public
    2024-05-06 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T19:16:16.496352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T19:16:28.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pagure.io/pagure",
              "defaultStatus": "unaffected",
              "packageName": "pagure",
              "versions": [
                {
                  "lessThan": "5.14.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-05-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T19:01:45.824Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4982"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279411"
            },
            {
              "name": "RHBZ#2280726",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280726"
            },
            {
              "url": "https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-06T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pagure: path traversal in view_issue_raw_file()",
          "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2024-4982",
        "datePublished": "2025-05-12T19:01:45.824Z",
        "dateReserved": "2024-05-15T22:54:26.023Z",
        "dateUpdated": "2025-05-12T19:16:28.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4981 (GCVE-0-2024-4981)

    Vulnerability from cvelistv5 – Published: 2025-05-12 18:55 – Updated: 2025-05-12 19:05
    Title
    Pagure: _update_file_in_git() follows symbolic links in temporary clones
    Summary
    A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    Affected: 0 , < 5.14.1 (semver)
    Date Public
    2024-05-03 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T19:04:15.136644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T19:05:43.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pagure.io/pagure",
              "defaultStatus": "unaffected",
              "packageName": "pagure",
              "versions": [
                {
                  "lessThan": "5.14.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2024-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-12T18:59:13.483Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-4981"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278745"
            },
            {
              "name": "RHBZ#2280723",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280723"
            },
            {
              "url": "https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-15T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-03T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pagure: _update_file_in_git() follows symbolic links in temporary clones",
          "x_redhatCweChain": "CWE-552: Files or Directories Accessible to External Parties"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2024-4981",
        "datePublished": "2025-05-12T18:55:08.744Z",
        "dateReserved": "2024-05-15T22:44:08.761Z",
        "dateUpdated": "2025-05-12T19:05:43.641Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11556 (GCVE-0-2019-11556)

    Vulnerability from cvelistv5 – Published: 2020-09-25 05:56 – Updated: 2024-08-04 22:55
    Summary
    Pagure before 5.6 allows XSS via the templates/blame.html blame view.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:55:40.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/commits/master"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.pagure.org/pagure/changelog.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618"
              },
              {
                "name": "openSUSE-SU-2020:1765",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"
              },
              {
                "name": "openSUSE-SU-2020:1810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure before 5.6 allows XSS via the templates/blame.html blame view."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-01T21:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/commits/master"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.pagure.org/pagure/changelog.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618"
            },
            {
              "name": "openSUSE-SU-2020:1765",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"
            },
            {
              "name": "openSUSE-SU-2020:1810",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-11556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure before 5.6 allows XSS via the templates/blame.html blame view."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/commits/master",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/commits/master"
                },
                {
                  "name": "https://docs.pagure.org/pagure/changelog.html",
                  "refsource": "CONFIRM",
                  "url": "https://docs.pagure.org/pagure/changelog.html"
                },
                {
                  "name": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618",
                  "refsource": "CONFIRM",
                  "url": "https://pagure.io/pagure/c/31a0d2950ed409550074ca52ba492f9b87ec3318?branch=ab39e95ed4dc8367e5e146e6d9a9fa6925b75618"
                },
                {
                  "name": "openSUSE-SU-2020:1765",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00066.html"
                },
                {
                  "name": "openSUSE-SU-2020:1810",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00007.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11556",
        "datePublished": "2020-09-25T05:56:42.000Z",
        "dateReserved": "2019-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:55:40.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1000037 (GCVE-0-2016-1000037)

    Vulnerability from cvelistv5 – Published: 2019-11-06 18:27 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    Pagure: XSS possible in file attachment endpoint
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure: XSS possible in file attachment endpoint"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-06T18:27:55.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-1000037",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure: XSS possible in file attachment endpoint"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json",
                  "refsource": "MISC",
                  "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000037.json"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000037",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000037"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000037"
                },
                {
                  "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/",
                  "refsource": "MISC",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7EHB2WQ46M737B2STHQTOPTBSSQJDSS/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-1000037",
        "datePublished": "2019-11-06T18:27:55.000Z",
        "dateReserved": "2016-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-7628 (GCVE-0-2019-7628)

    Vulnerability from cvelistv5 – Published: 2019-02-08 03:00 – Updated: 2024-08-04 20:54
    VLAI
    Summary
    Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2019-02-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:54:27.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/pull-request/4254"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/issue/4230"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/issue/4252"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/issue/4253"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2019-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-08T03:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/pull-request/4254"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/issue/4230"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/issue/4252"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/issue/4253"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2019-7628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/c/9905fb1e64341822366b6ab1d414d2baa230af0a"
                },
                {
                  "name": "https://pagure.io/pagure/pull-request/4254",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/pull-request/4254"
                },
                {
                  "name": "https://pagure.io/pagure/issue/4230",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/issue/4230"
                },
                {
                  "name": "https://pagure.io/pagure/issue/4252",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/issue/4252"
                },
                {
                  "name": "https://pagure.io/pagure/issue/4253",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/issue/4253"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-7628",
        "datePublished": "2019-02-08T03:00:00.000Z",
        "dateReserved": "2019-02-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:54:27.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1002151 (GCVE-0-2017-1002151)

    Vulnerability from cvelistv5 – Published: 2017-09-14 13:00 – Updated: 2024-09-17 02:36
    VLAI
    Summary
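    Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization. (Note: the affected range recorded for this entry is "< 3.3.0", which excludes 3.3.0 itself; check the installed version against the referenced fix rather than relying on either bound.)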
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Pagure Project Pagure Affected: unspecified , < 3.3.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T22:08:11.500Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/pull-request/2426"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pagure",
              "vendor": "Pagure Project",
              "versions": [
                {
                  "lessThan": "3.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2017-07-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-14T13:00:00.000Z",
            "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
            "shortName": "fedora"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/pull-request/2426"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "patrick@puiterwijk.org",
              "DATE_ASSIGNED": "2017-07-22T15:12Z",
              "ID": "CVE-2017-1002151",
              "REQUESTER": "pingou@pingoured.fr",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pagure",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Pagure Project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/pull-request/2426",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/pull-request/2426"
                },
                {
                  "name": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/c/c92108097e8ae4702c115ae4702b63d960838e75.patch"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "assignerShortName": "fedora",
        "cveId": "CVE-2017-1002151",
        "datePublished": "2017-09-14T13:00:00.000Z",
        "dateReserved": "2017-09-14T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:30.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-1000007 (GCVE-0-2016-1000007)

    Vulnerability from cvelistv5 – Published: 2016-10-07 18:00 – Updated: 2024-08-06 03:47
    VLAI
    Summary
    Pagure 2.2.1 XSS in raw file endpoint
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2016-07-04 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:47:34.891Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pagure 2.2.1 XSS in raw file endpoint"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-10-07T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-1000007",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pagure 2.2.1 XSS in raw file endpoint"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch",
                  "refsource": "MISC",
                  "url": "https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-1000007",
        "datePublished": "2016-10-07T18:00:00.000Z",
        "dateReserved": "2016-07-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T03:47:34.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }