
CVE-2018-1000132: Mercurial Incorrect Access Control vulnerability

CVSS Score: 9.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.49228%
Published: 5/13/2022
Updated: 9/24/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Package Name: mercurial
Ecosystem: pip
Vulnerable Versions: < 4.5.1
First Patched Version: 4.5.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The provided vulnerability information and references describe an Incorrect Access Control vulnerability in Mercurial's protocol server (CVE-2018-1000132) fixed in version 4.5.1. However, the GitHub patch details are explicitly shown as empty ({}) in the provided data, and none of the other sources (NVD, Debian/RH advisories, Mercurial release notes) include actual code changes or specific function references. While the vulnerability likely involved HTTP protocol handling in the hgweb module, there is insufficient evidence in the provided materials to identify exact function names, file paths, or patch line changes required by the analysis guidelines. Without concrete patch evidence showing modified functions, we cannot confidently specify vulnerable functions meeting the required precision for runtime detection signatures.
