DEBIAN-CVE-2018-1000132

DEBIAN-CVE-2018-1000132 PUBLISHED CVSS 9.100000381469727 CRITICAL

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.

Risk Scores

CVSS v3.0

9.100000381469727

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:14	mercurial	0, 0, 0
Debian:11	mercurial	0, 0, 0
Debian:13	mercurial	0, 0, 0
Debian:12	mercurial	0, 0, 0

Timeline

Mar 14, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-1000132 advisory

Open in Interactive Console →