Required CVE Record Information
Description
The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids.
References 6 Total
- https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4
- openwall.com: [oss-security] 20140722 Re: CVE requests for Review Board mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=1123692
- exchange.xforce.ibmcloud.com: reviewboard-cve20145028-sec-bypass(94813) vdb-entry
- https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases
- https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4 x_transferred
- openwall.com: [oss-security] 20140722 Re: CVE requests for Review Board mailing-listx_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=1123692 x_transferred
- exchange.xforce.ibmcloud.com: reviewboard-cve20145028-sec-bypass(94813) vdb-entryx_transferred
- https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases x_transferred
- https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27 x_transferred