Vulnerability Description
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beaker-Project | Beaker | <= 20.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/05/08/1Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/74569Third Party AdvisoryVDB Entry
- https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documenRelease NotesVendor Advisory
- https://bugzilla.redhat.com/attachment.cgi?id=1020003Issue TrackingThird Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1215020Issue TrackingThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2015/05/08/1Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/74569Third Party AdvisoryVDB Entry
- https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documenRelease NotesVendor Advisory
- https://bugzilla.redhat.com/attachment.cgi?id=1020003Issue TrackingThird Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1215020Issue TrackingThird Party AdvisoryVDB Entry
FAQ
What is CVE-2015-3160?
CVE-2015-3160 is a vulnerability with a CVSS score of 4.3 (MEDIUM). XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing en...
How severe is CVE-2015-3160?
CVE-2015-3160 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3160?
Check the references section above for vendor advisories and patch information. Affected products include: Beaker-Project Beaker.