CVE-2014-5028

The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
reviewboardreview_board
1.7.0 <
𝑥
< 1.7.27
reviewboardreview_board
2.0 ≤
𝑥
< 2.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2014/07/22/12
https://bugzilla.redhat.com/show_bug.cgi?id=1123692
https://exchange.xforce.ibmcloud.com/vulnerabilities/94813
https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4
https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases
http://www.openwall.com/lists/oss-security/2014/07/22/12
https://bugzilla.redhat.com/show_bug.cgi?id=1123692
https://exchange.xforce.ibmcloud.com/vulnerabilities/94813
https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4
https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases