CVE-2015-3160
MEDIUM
Beaker < 20.0 - Authenticated XML External Entity Injection via Job XML Submission
Title source: llm
Description
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information by submitting job XML to the server that contains entity references pointing to files on the Beaker server's file system.
References (5)
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/08/1
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1215020
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/attachment.cgi?id=1020003
Release Notes, Vendor Advisory x_refsource_confirm
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74569
Scores
CVSS v3
4.3
EPSS
0.0128
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
beaker-project/beaker
< 20.0
Published
Sep 06, 2017
Tracked Since
Feb 18, 2026