Vendor

Beaker

Products

CVEs

Across products

Status

Private

Products

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2015-3162	Beaker Beaker	Med	0.35	5.4	0.01	Sep 6, 2017	Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
CVE-2015-3161	Beaker Beaker	Med	0.31	4.8	0.01	Sep 6, 2017	The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON.
CVE-2015-3163	Beaker Beaker	Med	0.28	4.3	0.01	Sep 6, 2017	The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
CVE-2015-3160	Beaker Beaker	Med	0.28	4.3	0.01	Sep 6, 2017	XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.

CVE-2015-3162MedSep 6, 2017
Beaker
Beaker
risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
CVE-2015-3161MedSep 6, 2017
Beaker
Beaker
risk 0.31cvss 4.8epss 0.01
The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON.
CVE-2015-3163MedSep 6, 2017
Beaker
Beaker
risk 0.28cvss 4.3epss 0.01
The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
CVE-2015-3160MedSep 6, 2017
Beaker
Beaker
risk 0.28cvss 4.3epss 0.01
XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.