Medium severity4.3NVD Advisory· Published Sep 6, 2017· Updated May 13, 2026

CVE-2015-3163

Description

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.

Affected products

Red Hat/Beaker3 versions
cpe:2.3:a:redhat:beaker:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:beaker:*:*:*:*:*:*:*:*range: <=19.3
- cpe:2.3:a:redhat:beaker:20.0:-:*:*:*:*:*:*
- cpe:2.3:a:redhat:beaker:20.0:rc1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingPatchThird Party AdvisoryVDB Entry
www.openwall.com/lists/oss-security/2015/05/08/1nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/74567nvdThird Party AdvisoryVDB Entry
beaker-project.org/jenkins-results/beaker-review-checks-docs/995/documentation/_build/html/whats-new/release-20.htmlnvdRelease NotesVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000