CVE-2014-5028

medium

Description

The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.

References

Advisories
More

https://exchange.xforce.ibmcloud.com/vulnerabilities/94813

https://bugzilla.redhat.com/show_bug.cgi?id=1123692

http://www.openwall.com/lists/oss-security/2014/07/22/12

https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases

https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4

https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27

Details

Source: Mitre, NVD

Published: 2018-03-29

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00494