Privilege escalation
Synopsis
A vulnerability has been found in Kallithea.
Description
The vulnerability allowed logged-in users to edit or delete open pull requests associated with any repository to which they had read access. A related vulnerability allowed logged-in users to delete any comment from any repository, provided they could determine the comment ID and had read access to just one repository.
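To make the authorization flaw concrete, the following is an added illustration and not Kallithea's code: a toy model of the two operations named above, showing the flawed check (read access on some repository, or on the repository the object belongs to) beside a hardened check that first resolves the object to its own repository and then requires authorship or admin rights there. All names, the permission levels and the sample data are hypothetical, and the hardened policy is an assumption for illustration, not a description of the actual fix.

```python
# Added illustration, not Kallithea's code: object-level authorization
# for the two operations named in the advisory. Every name and the data
# model below are hypothetical and constructed for this example.
from dataclasses import dataclass

PERM_RANK = {"none": 0, "read": 1, "write": 2, "admin": 3}

@dataclass
class Comment:
    id: int
    repo: str     # repository the comment belongs to
    author: str

@dataclass
class PullRequest:
    id: int
    repo: str     # repository the pull request targets
    owner: str

# Constructed sample data: alice may only read repo-a, nothing else.
PERMS = {("alice", "repo-a"): "read", ("bob", "repo-b"): "admin"}
COMMENTS = {1: Comment(1, "repo-a", "bob"), 2: Comment(2, "repo-b", "carol")}
PULL_REQUESTS = {10: PullRequest(10, "repo-a", "bob")}

def has_repo_perm(user, repo, needed):
    return PERM_RANK[PERMS.get((user, repo), "none")] >= PERM_RANK[needed]

def user_can_read_some_repo(user):
    return any(u == user and has_repo_perm(u, r, "read") for (u, r) in PERMS)

def can_delete_comment_vulnerable(user, comment_id):
    # Flawed pattern: proves only that the user can read *some* repository;
    # the repository the comment actually belongs to is never consulted.
    return comment_id in COMMENTS and user_can_read_some_repo(user)

def can_delete_comment_fixed(user, comment_id):
    # Hardened: resolve the object to its repository first, then require
    # authorship or admin rights on *that* repository.
    c = COMMENTS.get(comment_id)
    return c is not None and (c.author == user or has_repo_perm(user, c.repo, "admin"))

def can_edit_pull_request_vulnerable(user, pr_id):
    # Flawed pattern: read access to the target repository is enough to edit.
    pr = PULL_REQUESTS.get(pr_id)
    return pr is not None and has_repo_perm(user, pr.repo, "read")

def can_edit_pull_request_fixed(user, pr_id):
    # Hardened: only the pull request's owner or a repository admin may edit.
    pr = PULL_REQUESTS.get(pr_id)
    return pr is not None and (pr.owner == user or has_repo_perm(user, pr.repo, "admin"))
```

The useful detection check when reviewing such code is whether every mutating handler derives the repository from the object being changed, rather than from a permission the caller already holds elsewhere.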
Resolution
Søren Løvborg wrote a patch fixing the issue, which is included in the release 0.3.2. Users are advised to upgrade as soon as possible.
Affected versions
As far as we know, the issue is present in all previously released Kallithea versions.
References
CVE-2016-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3114
Mercurial changeset fixing the issue https://kallithea-scm.org/repos/kallithea/changeset/81057be7a5c10e1cd08d32c923468e41cf417ed1