CVE-2014-6276

MEDIUM

Roundup <1.5.1 - Info Disclosure

Title source: llm

Description

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

References (3)

[Various Sources] http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9

[Patch] https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3502

Scores

CVSS v3 4.3

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-264

Status draft

Affected Products (4)

roundup-tracker/roundup < 1.5.0

debian/debian_linux

pypi/roundup < 1.5.1PyPI

Timeline

Published Apr 13, 2016

Tracked Since Feb 18, 2026