CVE-2014-5028: Sensitive Information Exposure in Review Board

Severity
6.5 MEDIUM (NVD)
EPSS
0.5%
top 35.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 29
Latest update: May 14

Description

The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

NVD | reviewboard/review_board | 2.0 | 2.0.4 | +1

🔴 Vulnerability Details

1
GHSA
GHSA-p869-r3h5-mpvv: The Original File and Patched File resources in Review Board 1 (2022-05-14)

💬 Community

2
Bugzilla
CVE-2014-5027 CVE-2014-5028 ReviewBoard: two flaws fixed in the 1.7.27 release [epel-6] (2014-07-28)
Bugzilla
CVE-2014-5027 CVE-2014-5028 ReviewBoard: two flaws fixed in the 1.7.27 release (2014-07-28)