Red Hat Pagure

By the Year

In 2024 there have been 0 vulnerabilities in Red Hat Pagure. Pagure did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 6.10
2019 1 5.90
2018 0 0.00

It may take a day or so for new Pagure vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Pagure Security Vulnerabilities

Pagure before 5.6 allows XSS

CVE-2019-11556 6.1 - Medium - September 25, 2020

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

XSS

Pagure 5.2 leaks API keys by e-mailing them to users

CVE-2019-7628 5.9 - Medium - February 08, 2019

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)

Information Disclosure

Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization

CVE-2017-1002151 7.5 - High - September 14, 2017

Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization

AuthZ

Pagure 2.2.1 XSS in raw file endpoint

CVE-2016-1000007 6.1 - Medium - October 07, 2016

Pagure 2.2.1 XSS in raw file endpoint

XSS
