ALPINE-CVE-2018-1000132

ALPINE-CVE-2018-1000132 PUBLISHED CVSS 9.100000381469727 CRITICAL

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

Risk Scores

CVSS v3.0

9.100000381469727

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.7	mercurial	3.1-r0, 3.5.1-r0, 3.8.3-r0
Alpine:v3.6	mercurial	2.2.3-r0, 0, 1.4.1-r0
Alpine:v3.5	mercurial	0, 4.3.1-r0, 4.0.1-r0

Timeline

Mar 14, 2018 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2018-1000132 advisory

Open in Interactive Console →