Vulnerabilities > CVE-2015-3160 - XXE vulnerability in Beaker-Project Beaker
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/05/08/1
- http://www.openwall.com/lists/oss-security/2015/05/08/1
- http://www.securityfocus.com/bid/74569
- http://www.securityfocus.com/bid/74569
- https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1
- https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1
- https://bugzilla.redhat.com/attachment.cgi?id=1020003
- https://bugzilla.redhat.com/attachment.cgi?id=1020003
- https://bugzilla.redhat.com/show_bug.cgi?id=1215020
- https://bugzilla.redhat.com/show_bug.cgi?id=1215020