The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2014/07/22/12 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1123692 | Issue Tracking Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/94813 | Third Party Advisory VDB Entry |
https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27 | Vendor Advisory |
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4 | Vendor Advisory |
https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-29T18:00:00
Updated: 2018-03-29T17:57:01
Reserved: 2014-07-22T00:00:00
Link: CVE-2014-5028
NVD Information
Status: Analyzed
Published: 2018-03-29T18:29:00.277
Modified: 2018-04-24T12:58:15.873
Link: CVE-2014-5028
Redhat Information
No data.
CWE