4.3
CVE-2015-3160
- EPSS 1.28%
- Veröffentlicht 06.09.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginXML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Beaker-project ≫ Beaker Version <= 20.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.28% | 0.663 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
http://www.openwall.com/lists/oss-security/2015/05/08/1
http://www.securityfocus.com/bid/74569
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1
https://bugzilla.redhat.com/attachment.cgi?id=1020003
https://bugzilla.redhat.com/show_bug.cgi?id=1215020