CVE-2014-6276

NONE EPSS 71.8%
Published Apr 13, 2016 (10y ago) · Modified Jun 17, 2026 (2w ago)

Description

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

Threat Intelligence

EPSS Exploit Probability
71.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-264

Affected Products 3

Vendor           Product       Version  Range
roundup-tracker  roundup       *        ≤1.5.0
debian           debian_linux  7.0      any
debian           debian_linux  8.0      any

References 3

  • hg.code.sf.net http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
  • debian.org http://www.debian.org/security/2016/dsa-3502
  • sourceforge.net https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
    Patch

Remediation

  • sourceforge.net https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
    Patch