CVE-2019-7628 is a vulnerability in Red Hat Pagure
Published on February 8, 2019

Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)

NVD

Products Associated with CVE-2019-7628

Want to know whenever a new CVE is published for Red Hat Pagure? stack.watch will email you.

Red Hat Pagure

Exploit Probability

EPSS

0.20%

Percentile

41.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-7628 is a vulnerability in Red Hat PagurePublished on February 8, 2019

Products Associated with CVE-2019-7628

Exploit Probability

CVE-2019-7628 is a vulnerability in Red Hat Pagure
Published on February 8, 2019