Описание
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | released | 1.4.20-1.1+deb8u1build0.16.04.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.4.20-1.1+deb8u1build0.14.04.1]] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 1.4.20-1.1+deb8u1build0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.4.20-1.1+deb8u1build0.14.04.1] |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
10
4 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.3
nvd
почти 10 лет назад
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
CVSS3: 4.3
debian
почти 10 лет назад
schema.py in Roundup before 1.5.1 does not properly limit attributes i ...
CVSS3: 4.3
github
больше 3 лет назад
Roundup sensitive data disclosure vulnerability
4 Medium
CVSS2
4.3 Medium
CVSS3