CVE-2015-3160

Sažetak

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.

Reference

http://www.openwall.com/lists/oss-security/2015/05/08/1
http://www.securityfocus.com/bid/74569
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1
https://bugzilla.redhat.com/attachment.cgi?id=1020003
https://bugzilla.redhat.com/show_bug.cgi?id=1215020

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-09-2017 - 20:41

Objavljeno

06-09-2017 - 21:29