Vulnerability Report

CVE-2008-2942

Title: Mercurial Path Traversal / LFI

Path Traversal / LFI

Proof Of Concept

No public PoC currently indexed for CVE-2008-2942.

CWE Category CWE-22
Published Date Jun 30, 2008
Modified Date Apr 09, 2025
Exploit Status Not Found
Score 6.8 CVSS v2.0
Exploit Probability (EPSS)
0.58%

Vulnerability Summary

CVE-2008-2942: Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.

Impacted Vendors

M
mercurial 1
J
jenkins 1

Reference Links

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://secunia.com/advisories/31108 http://secunia.com/advisories/31110 http://secunia.com/advisories/31167 http://security.gentoo.org/glsa/glsa-200807-09.xml http://wiki.rpath.com/Advisories:rPSA-2008-0211 http://www.openwall.com/lists/oss-security/2008/06/30/1 http://www.openwall.com/lists/oss-security/2008/07/01/1 http://www.securityfocus.com/archive/1/493881/100/0/threaded http://www.securityfocus.com/bid/30072 http://www.selenic.com/hg/rev/87c704ac92d4 https://exchange.xforce.ibmcloud.com/vulnerabilities/43551 https://issues.rpath.com/browse/RPL-2633 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://secunia.com/advisories/31108 http://secunia.com/advisories/31110 http://secunia.com/advisories/31167 http://security.gentoo.org/glsa/glsa-200807-09.xml http://wiki.rpath.com/Advisories:rPSA-2008-0211 http://www.openwall.com/lists/oss-security/2008/06/30/1 http://www.openwall.com/lists/oss-security/2008/07/01/1 http://www.securityfocus.com/archive/1/493881/100/0/threaded http://www.securityfocus.com/bid/30072 http://www.selenic.com/hg/rev/87c704ac92d4 https://exchange.xforce.ibmcloud.com/vulnerabilities/43551 https://issues.rpath.com/browse/RPL-2633
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
6.8
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-2942 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.