CVE-2015-3163
Beaker before 20.1 has broken access control on admin pages for power types and key types, allowing remote authenticated users to modify these types by visiting /powertypes and /keytypes. The vulnerability is tied to missing access controls on those admin endpoints; the exact root cause or code p...