CVE-2014-6276
NONE EPSS 71.8%
Published Apr 13, 2016 (10y ago) · Modified Jun 17, 2026 (2w ago)
Description
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
Threat Intelligence
EPSS Exploit Probability
71.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-264
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| roundup-tracker | roundup | * | ≤1.5.0 |
| debian | debian_linux | 7.0 | any |
| debian | debian_linux | 8.0 | any |
References 3
- hg.code.sf.net http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
- debian.org http://www.debian.org/security/2016/dsa-3502
- sourceforge.net https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
Remediation
- sourceforge.net https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt