CVE-2019-3902
Description
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
Related CPE's
References
Issue TrackingVendor Advisory
Third Party Advisory
Third Party Advisory
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | NONE |
AttackComplexity | HIGH |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | NONE |
IntegrityImpact | HIGH |
PrivilegesRequired | NONE |
BaseScore | 5.9 |
VectorString | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Version | 3.0 |
UserInteraction | NONE |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:N/C:N/I:P/A:P |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | NONE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
BaseScore | 5.800000190734863 |