CVE-2014-5028

{"id": "CVE-2014-5028", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-03-29T18:29:00.277", "references": [{"url": "http://www.openwall.com/lists/oss-security/2014/07/22/12", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123692", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94813", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.27", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.reviewboard.org/docs/releasenotes/reviewboard/2.0.4", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.reviewboard.org/news/2014/07/22/review-board-1-7-27-and-2-0-3-security-releases", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Original File and Patched File resources in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information from repository files by leveraging knowledge of database ids."}, {"lang": "es", "value": "Los recursos Original File y Patched File en Review Board, en versiones 1.7.x anteriores a la 1.7.27 y versiones 2.0.x anteriores a la 2.0.4, permiten que usuarios autenticados remotos omitan las restricciones de acceso planeadas y obtengan informaci\u00f3n sensible de archivos de repositorios aprovechando el conocimiento de las ID de la base de datos."}], "lastModified": "2018-04-24T12:58:15.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0E4A551-4486-45F0-A1D6-FC64106BC116", "versionEndExcluding": "1.7.27", "versionStartExcluding": "1.7.0"}, {"criteria": "cpe:2.3:a:reviewboard:review_board:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08E0F82E-87B7-4FAF-9B7B-FDE8994DAD84", "versionEndExcluding": "2.0.4", "versionStartIncluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}