Vulnerability Description
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Beaker | <= 19.3 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/05/08/1 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/74567 (Third Party Advisory, VDB Entry)
- https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documen (Release Notes, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1215034 (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2015-3163?
CVE-2015-3163 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAK...
How severe is CVE-2015-3163?
CVE-2015-3163 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3163?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Beaker.