Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mercurial mercurial vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE-2023-5752
When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mer...
Pypa Pip
6 Github repositories
NA
CVE-2022-43410
Jenkins Mercurial Plugin 1251.va_b_121f184902 and previous versions provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.
Jenkins Mercurial
578
VMScore
CVE-2022-29184
GoCD is a continuous delivery server. In GoCD versions before 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via co...
Thoughtworks Gocd
445
VMScore
CVE-2022-30948
Jenkins Mercurial Plugin 2.16 and previous versions allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM cont...
Jenkins Mercurial
605
VMScore
CVE-2022-24828
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist...
Getcomposer Composer
Tenable Tenable.sc
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
578
VMScore
CVE-2022-23915
The package weblate from 0 and prior to 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.
Weblate Weblate
578
VMScore
CVE-2021-29472
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. ...
Getcomposer Composer
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
356
VMScore
CVE-2020-2305
Jenkins Mercurial Plugin 2.11 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Mercurial
356
VMScore
CVE-2020-2306
A missing permission check in Jenkins Mercurial Plugin 2.11 and previous versions allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
Jenkins Mercurial
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »