Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pagure Information Disclosure Vulnerability
Vulnerability Description
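Pagure is a Git repository service written in Python that provides a web interface. In Pagure 5.2, the API token expiration reminder cron job in files/api_key_expire_mail.py contains a security vulnerability: the program sends keys in plaintext by e-mail. An attacker can exploit this vulnerability to gain access to Pagure.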
CVSS Information
N/A
Vulnerability Type
N/A