CVE-2015-3163

Published: Sep 6, 2017Modified: May 13, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.

Affected (3)

Products: Redhat: Beaker

Redhat

1 product

Beaker

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Beaker	Up to 19.3
Redhat Beaker	Version 20.0
Redhat Beaker	Version 20.0 rc1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://www.openwall.com/lists/oss-security/2015/05/08/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/74567

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html

Source: secalert@redhat.com

Release NotesVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1215034

Source: secalert@redhat.com

ExploitIssue TrackingPatchThird Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2015/05/08/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/74567

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1215034

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party AdvisoryVDB Entry

Timeline

No history available yet.