CVE-2015-3163
MEDIUM
Beaker < 20.1 - Authenticated Improper Access Control in Power and Key Types Admin Pages
Title source: llm
Description
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
References (4)
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/05/08/1
Release Notes, Vendor Advisory x_refsource_confirm
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html
Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1215034
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74567
Scores
CVSS v3
4.3
EPSS
0.0109
EPSS Percentile
61.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-284
Status
published
Products (2)
redhat/beaker
20.0 (2 CPE variants)
redhat/beaker
< 19.3
Published
Sep 06, 2017
Tracked Since
Feb 18, 2026