CVE-2014-6276

Published: 13/04/2016 | Updated: 20/04/2016
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

schema.py in Roundup prior to 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

Vulnerable Product

roundup-tracker roundup

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Debian Bug report logs - #816780: roundup: CVE-2014-6276: information leak. Package: src:roundup; Maintainer for src:roundup is Kai Storbeck <kai@xs4all.nl>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 5 Mar 2016 07:51:02 UTC; Severity: grave; Tags: fixed-upstream, jessie, security, sid, stretch, up ...

Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site administrator should ensure the instanced versions (in /var/lib ...