Description
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
References
- Mailing List, Third Party Advisory
- Issue Tracking, Third Party Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version from 1.7.0 (excluding) to 1.7.27 (excluding)
- Version from 2.0 (including) to 2.0.4 (excluding)
One of
cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:*
cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:*
EPSS: 0.00468 (Low), percentile: 64%
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 6.5
debian
almost 8 years ago
The Original File and Patched File resources in Review Board 1.7.x bef ...
CVSS3: 6.5
github
more than 3 years ago
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.