CVE-2015-3163 Information

Description

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types by navigating to $BEAKER/powertypes and $BEAKER/keytypes, respectively.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

http://www.openwall.com/lists/oss-security/2015/05/08/1
http://www.securityfocus.com/bid/74567
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html
https://bugzilla.redhat.com/show_bug.cgi?id=1215034

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
