CVE-2015-3163

EUVD-2015-3241
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
redhatbeaker
𝑥
≤ 19.3
redhatbeaker
20.0
redhatbeaker
20.0:rc1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/05/08/1
http://www.securityfocus.com/bid/74567
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html
https://bugzilla.redhat.com/show_bug.cgi?id=1215034
http://www.openwall.com/lists/oss-security/2015/05/08/1
http://www.securityfocus.com/bid/74567
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html
https://bugzilla.redhat.com/show_bug.cgi?id=1215034