Vulnerabilities > CVE-2015-3160 - XXE vulnerability in Beaker-Project Beaker

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

beaker-project

CWE-611

NVD

Published: 2017-09-06

Updated: 2017-09-09

Summary

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.

Vulnerable Configurations

Part	Description	Count
Application	Beaker-Project Beaker Project Beaker *	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://bugzilla.redhat.com/show_bug.cgi?id=1215020
https://bugzilla.redhat.com/attachment.cgi?id=1020003
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1
http://www.securityfocus.com/bid/74569
http://www.openwall.com/lists/oss-security/2015/05/08/1