CVE-2019-7628
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-7628
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in files/api_key_expire_mail.py; disabling that job is also a viable solution. (E-mailing a substring of the API key was an attempted, but rejected, solution.)
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Pagure 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Pagure是一款使用Python编写的提供Web服务的Git仓库。 Pagure 5.2版本中的files/api_key_expire_mail.py文件的API令牌失效提示定时任务存在安全漏洞,该漏洞源于程序通过邮件以明文形式发送密钥。攻击者可利用该漏洞获取Pagure的访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2019-7628
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-7628
Please Login to view more intelligence information
- https://pagure.io/pagure/issue/4230x_refsource_MISC
- https://pagure.io/pagure/issue/4252x_refsource_MISC
- https://pagure.io/pagure/issue/4253x_refsource_MISC
- https://pagure.io/pagure/pull-request/4254x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2019-7628
Same Patch Batch · n/a · 2019-02-08 · 13 CVEs total
| CVE-2019-7651 | Emsisoft Anti-Malware 权限许可和访问控制问题漏洞 | |
| CVE-2018-1352 | Fortinet FortiOS 格式化字符串错误漏洞 | |
| CVE-2018-20764 | HelpSystems BoKS 缓冲区错误漏洞 | |
| CVE-2019-7648 | Hotels_Server 信任管理问题漏洞 | |
| CVE-2019-7637 | Simple DirectMedia Layer 缓冲区错误漏洞 | |
| CVE-2019-7639 | Fedora 信任管理问题漏洞 | |
| CVE-2019-6242 | Kentico 信任管理问题漏洞 | |
| CVE-2019-7632 | 多款LifeSize产品操作系统命令注入漏洞 | |
| CVE-2019-7401 | NGINX Unit 缓冲区错误漏洞 | |
| CVE-2019-7635 | Simple DirectMedia Layer 缓冲区错误漏洞 | |
| CVE-2019-7636 | Simple DirectMedia Layer 缓冲区错误漏洞 | |
| CVE-2019-7638 | Simple DirectMedia Layer 缓冲区错误漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8248
Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qo - CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send
V. Comments for CVE-2019-7628
No comments yet