Описание
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0 (включая)
cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 4.3
ubuntu
почти 10 лет назад
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
CVSS3: 4.3
debian
почти 10 лет назад
schema.py in Roundup before 1.5.1 does not properly limit attributes i ...
CVSS3: 4.3
github
больше 3 лет назад
Roundup sensitive data disclosure vulnerability
EPSS
Процентиль: 33%
0.0013
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-264