PT-2017-6637 · Beaker · Beaker

Dan Callaghan

Published

2017-09-06

Updated

2020-03-09

CVE-2015-3163

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Beaker versions prior to 20.1

Description The issue concerns the lack of access controls on the admin pages for power types and key types in Beaker. This allows remote authenticated users to modify these types by navigating to the respective pages, such as $BEAKER/powertypes and $BEAKER/keytypes.

Recommendations For versions prior to 20.1, update to version 20.1 or later to resolve the issue.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2015-3163

Affected Products

Beaker

PT-2017-6637 · Beaker · Beaker

CVE-2015-3163

Weakness Enumeration

Related Identifiers

Affected Products

References · 5