XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information by submitting job XML to the server that contains entity references to files on the Beaker server's file system.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2015/05/08/1 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/74569 | Third Party Advisory VDB Entry |
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1 | Release Notes Vendor Advisory |
https://bugzilla.redhat.com/attachment.cgi?id=1020003 | Issue Tracking Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1215020 | Issue Tracking Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-09-06T21:00:00
Updated: 2017-09-06T20:57:01
Reserved: 2015-04-10T00:00:00
Link: CVE-2015-3160
NVD Information
Status: Analyzed
Published: 2017-09-06T21:29:00.427
Modified: 2017-09-09T20:41:12.853
Link: CVE-2015-3160
Redhat Information
No data.
CWE