High severityNVD Advisory· Published Feb 16, 2015· Updated May 6, 2026

CVE-2015-0260

Description

RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
RhodeCodePyPI	< 2.2.7	2.2.7
KallitheaPyPI	< 0.2	0.2

Affected products

Kallithea Scm/Kallithea
cpe:2.3:a:kallithea-scm:kallithea:0.1:*:*:*:*:*:*:*
Rhodecode/Rhodecode Enterprise
cpe:2.3:a:rhodecode:rhodecode_enterprise:*:*:*:*:*:*:*:*
Range: <=2.2.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhodecode.com/blog/rhodecode-enterprise-security-release/nvdPatchVendor Advisory
seclists.org/oss-sec/2015/q1/505nvdExploitWEB
kallithea-scm.org/security/cve-2015-0260.htmlnvdExploitVendor AdvisoryWEB
github.com/advisories/GHSA-hhx9-4vw2-x54rghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-0260ghsaADVISORY
exchange.xforce.ibmcloud.com/vulnerabilities/100888nvdWEB
github.com/pypa/advisory-database/tree/main/vulns/kallithea/PYSEC-2015-29.yamlghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/rhodecode/PYSEC-2015-32.yamlghsaWEB
kallithea-scm.org/repos/kallithea/changeset/5923d74742879b812965568475e21c3496d722a9ghsaWEB
rhodecode.com/blog/rhodecode-enterprise-security-releaseghsaWEB
web.archive.org/web/20150321135511/http://www.securityfocus.com/bid/72573ghsaWEB
www.securityfocus.com/bid/72573nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000