PT-2018-4248 · Beanbag · Review Board
Uchida
·
Publicado
2018-03-29
·
Atualizado
2018-04-24
·
CVE-2014-5028
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Review Board versions 1.7.x through 1.7.26
Review Board versions 2.0.x through 2.0.3
Description
The issue allows remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
Recommendations
For Review Board versions 1.7.x through 1.7.26, update to version 1.7.27 or later.
For Review Board versions 2.0.x through 2.0.3, update to version 2.0.4 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Review Board