Description
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.
References
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
- Issue Tracking, Third Party Advisory, VDB Entry
- Issue Tracking, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions up to 20.0 (inclusive)
cpe:2.3:a:beaker-project:beaker:*:*:*:*:*:*:*:*
EPSS: 0.00257 (Low), percentile: 49%
CVSS3: 4.3 Medium
CVSS2: 4 Medium
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.