CVE-2014-6276 roundup

Package

Manager: pip
Name: roundup
Vulnerable Version: >=0 <1.5.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0013 (percentile: 0.3333)

Details

Roundup sensitive data disclosure vulnerability

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

Metadata

Created: 2022-05-17T03:56:49Z
Modified: 2024-10-26T22:36:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j556-q367-2gw6/GHSA-j556-q367-2gw6.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-j556-q367-2gw6
Finding: F038
Auto approve: 1