CVE-2008-1475 – roundup
Package
Manager: pip
Name: roundup
Vulnerable Version: >=0 <1.4.5
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0047 (percentile: 0.63626)
Details
Roundup xml-rpc server improper check of property permissions
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Metadata
Created: 2022-05-01T23:40:33Z
Modified: 2025-04-09T15:54:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j59j-h3g7-cpmf/GHSA-j59j-h3g7-cpmf.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-j59j-h3g7-cpmf
Finding: F039
Auto approve: 1