CVE-2014-6276

NameCVE-2014-6276
Descriptionschema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-3502-1
NVD severitymedium
Debian Bugs816780

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
roundupsourcewheezy1.4.20-1.1+deb7u1DSA-3502-1
roundupsourcejessie1.4.20-1.1+deb8u1DSA-3502-1
roundupsource(unstable)(unfixed)816780

Notes

http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9

Search for package or bug name: Reporting problems