Incorrect access control
Synopsis
A vulnerability has been found in Kallithea.
Description
This vulnerability allows a normal user to modify the permissions of repositories they do not normally have access to, using an API call. This allows the user to get full admin access to the repository.
This issue was found and reported by:
Kacper Szurek (https://security.szurek.pl/).
Resolution
The issue is fixed by Mads Kiilerich in release 0.3.5. Users are advised to upgrade as soon as possible.
To detect a possible breach, users should verify the permissions inside Kallithea of all existing repositories.
Affected versions
As far as we know, the issue is present in all previously released Kallithea versions.
References
- Mercurial changeset fixing the issue https://kallithea-scm.org/repos/kallithea/changeset/959e009afcae55f701b1485c239e6c0c6d4c3444