CVE-2014-6276
roundup - security update
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.13%
Description
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
How to fix CVE-2014-6276
To remediate CVE-2014-6276, upgrade the affected package to one of the fixed versions listed below.
- Debian/roundup—upgrade to 1.4.20-1.1+deb7u1 or later
- —upgrade to 1.5.1 or later
- —upgrade to 1.5.1 or later
Is CVE-2014-6276 being exploited?
Low. EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.4.20-1.1+deb7u1
- from 0, < 1.5.1
- from 0, < 1.5.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |