CVE-2015-3163

MEDIUM

Beaker < 20.1 - Authenticated Improper Access Control in Power and Key Types Admin Pages

Title source: llm

Description

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types by navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.

References (4)

http://www.openwall.com/lists/oss-security/2015/05/08/1 (Mailing List, Third Party Advisory; x_refsource_mlist)
https://bugzilla.redhat.com/show_bug.cgi?id=1215034 (Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry; x_refsource_confirm)
http://www.securityfocus.com/bid/74567 (Third Party Advisory, VDB Entry; x_refsource_bid)

Scores

CVSS v3 4.3
EPSS 0.0109
EPSS Percentile 61.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-284
Status published
Products (2)
redhat/beaker 20.0 (2 CPE variants)
redhat/beaker < 19.3
Published Sep 06, 2017
Tracked Since Feb 18, 2026