Description
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
References
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Release Notes, Vendor Advisory
- Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: Version up to 19.3 (inclusive)
One of
cpe:2.3:a:redhat:beaker:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:beaker:20.0:-:*:*:*:*:*:*
cpe:2.3:a:redhat:beaker:20.0:rc1:*:*:*:*:*:*
EPSS
Percentile: 64%
0.00462
Low
4.3 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-284
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.