VYPR

rpm package

opensuse/pagure&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/pagure&distro=openSUSE%20Tumbleweed

Vulnerabilities (1)

  • CVE-2019-7628Feb 8, 2019
    affected < 5.13.2-2.2fixed 5.13.2-2.2

    Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cro