Medium severity4.3NVD Advisory· Published Sep 6, 2017· Updated May 13, 2026

CVE-2015-3160

Description

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.

Affected products

Beaker Project/Beaker
cpe:2.3:a:beaker-project:beaker:*:*:*:*:*:*:*:*
Range: <=20.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2015/05/08/1nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/74569nvdThird Party AdvisoryVDB Entry
beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.htmlnvdRelease NotesVendor Advisory
bugzilla.redhat.com/attachment.cginvdIssue TrackingThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000