CVE-2015-3160

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.

Published: Sep 6, 2017
Updated: Apr 13, 2023
CVE: CVE-2015-3160
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
beaker-project / beaker	-	20.0.x

http://www.openwall.com/lists/oss-security/2015/05/08/1
http://www.securityfocus.com/bid/74569
https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html#beaker-20-1
https://bugzilla.redhat.com/attachment.cgi?id=1020003
https://bugzilla.redhat.com/show_bug.cgi?id=1215020

Vulnerability Database

291,049

CVE-2015-3160