CVE-2014-6276
N/A
N/A
Summary
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
- http://www.debian.org/security/2016/dsa-3502
- https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
References
- http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
- http://www.debian.org/security/2016/dsa-3502
- https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.