Vulnerability Details : CVE-2014-5028
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
Vulnerability category: Information leak
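The description above boils down to a missing object-level authorization check: the file resources authenticated the caller but did not verify that the caller was allowed to see the review request or repository that owns a given filediff, so any account could walk database ids and pull file contents. The following is an added, constructed illustration of that pattern and its fix; it is not Review Board's code, and the data model (User, Repository, ReviewRequest, FileDiff), the access rules and the sample records are assumptions made for the example.

```python
"""Illustrative model of the access-check gap behind CVE-2014-5028.

Constructed example, not Review Board's code: the classes, the access
rules and the sample data below are assumptions for illustration only.
"""
from dataclasses import dataclass


class NotAuthenticated(Exception):
    pass


class AccessDenied(Exception):
    pass


@dataclass(frozen=True)
class User:
    name: str
    is_authenticated: bool = True


@dataclass
class Repository:
    id: int
    name: str
    public: bool
    allowed_users: frozenset = frozenset()

    def is_accessible_by(self, user):
        return self.public or user.name in self.allowed_users


@dataclass
class ReviewRequest:
    id: int
    repository: Repository
    public: bool                      # published (True) or still a draft
    submitter: str
    target_people: frozenset = frozenset()

    def is_accessible_by(self, user):
        # Repository restrictions apply first, then draft visibility.
        if not self.repository.is_accessible_by(user):
            return False
        if self.public:
            return True
        return user.name == self.submitter or user.name in self.target_people


@dataclass
class FileDiff:
    id: int
    review_request: ReviewRequest
    original_content: bytes
    patched_content: bytes


# Constructed sample data: one public repo, one restricted repo, one draft.
PUBLIC_REPO = Repository(1, "public-repo", public=True)
PRIVATE_REPO = Repository(2, "private-repo", public=False,
                          allowed_users=frozenset({"alice"}))
RR_PUBLIC = ReviewRequest(10, PUBLIC_REPO, public=True, submitter="alice")
RR_PRIVATE = ReviewRequest(11, PRIVATE_REPO, public=True, submitter="alice")
RR_DRAFT = ReviewRequest(12, PUBLIC_REPO, public=False, submitter="alice",
                         target_people=frozenset({"bob"}))
FILEDIFFS = {f.id: f for f in [
    FileDiff(1, RR_PUBLIC, b"public original", b"public patched"),
    FileDiff(2, RR_PRIVATE, b"SECRET_KEY = 'prod'", b"SECRET_KEY = 'prod2'"),
    FileDiff(3, RR_DRAFT, b"draft original", b"draft patched"),
]}
ALICE = User("alice")
BOB = User("bob")
MALLORY = User("mallory")          # any account, no special access
ANON = User("anon", is_authenticated=False)


def _select(filediff, patched):
    return filediff.patched_content if patched else filediff.original_content


def vulnerable_file(user, filediff_id, patched=False):
    """Pre-fix pattern: a login is the only gate, so any authenticated
    account can fetch any filediff it can name by database id."""
    if not user.is_authenticated:
        raise NotAuthenticated()
    filediff = FILEDIFFS.get(filediff_id)
    if filediff is None:
        raise KeyError(filediff_id)
    return _select(filediff, patched)


def fixed_file(user, filediff_id, patched=False):
    """Hardened pattern: resolve the object, then authorize the caller
    against the review request and repository that own it."""
    if not user.is_authenticated:
        raise NotAuthenticated()
    filediff = FILEDIFFS.get(filediff_id)
    # Same error for missing and forbidden ids, so a probe cannot use the
    # response to confirm that a guessed id exists.
    if filediff is None or not filediff.review_request.is_accessible_by(user):
        raise AccessDenied()
    return _select(filediff, patched)


def probe(fetch, user, ids):
    """Enumerate ids the way an attacker with an account would, keeping
    whatever the resource hands back."""
    leaked = {}
    for fid in ids:
        try:
            leaked[fid] = fetch(user, fid)
        except (AccessDenied, NotAuthenticated, KeyError):
            continue
    return leaked


if __name__ == "__main__":
    print("vulnerable:", sorted(probe(vulnerable_file, MALLORY, range(1, 6))))
    print("fixed:     ", sorted(probe(fixed_file, MALLORY, range(1, 6))))
```

Running it shows the difference the patch makes: against the vulnerable resource, an ordinary account recovers ids 1, 2 and 3 (including the file from the restricted repository and the unpublished draft), while the fixed resource returns only id 1. The check belongs on the owner chain of the object (review request, then repository), not on the caller's session alone, and the same pattern applies to both the Original File and Patched File resources named in the description.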
Products affected by CVE-2014-5028
- cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:* (1.7.x before 1.7.27)
- cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:* (2.0.x before 2.0.4)
Exploit prediction scoring system (EPSS) score for CVE-2014-5028
EPSS score: 0.25% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~62% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2014-5028
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N (CVSS v2) | 8.0 | 2.9 | NIST | 
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | 
CWE ids for CVE-2014-5028
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5028
- http://www.openwall.com/lists/oss-security/2014/07/22/12 (oss-security: Re: CVE requests for Review Board) [Mailing List; Third Party Advisory]
- https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27 (Review Board 1.7.27 Release Notes) [Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94813 (Review Board unspecified security bypass CVE-2014-5028 Vulnerability Report) [Third Party Advisory; VDB Entry]
- https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases (Review Board 1.7.27 and 2.0.4 security releases) [Vendor Advisory]
- https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4 (Review Board 2.0.4 Release Notes) [Vendor Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=1123692 (Bug 1123692: CVE-2014-5027, CVE-2014-5028 ReviewBoard: two flaws fixed in the 1.7.27 release) [Issue Tracking; Third Party Advisory]