CVE-2014-5028

EUVD-2014-4927
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
reviewboardreview_board
1.7.0 <
𝑥
< 1.7.27
reviewboardreview_board
2.0 ≤
𝑥
< 2.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2014/07/22/12
https://bugzilla.redhat.com/show_bug.cgi?id=1123692
https://exchange.xforce.ibmcloud.com/vulnerabilities/94813
https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4
https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases
http://www.openwall.com/lists/oss-security/2014/07/22/12
https://bugzilla.redhat.com/show_bug.cgi?id=1123692
https://exchange.xforce.ibmcloud.com/vulnerabilities/94813
https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4
https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases