Insufficient Attribute Limitation in Roundup Schema Allows Unauthorized User Information Access
CVE-2014-6276 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
Learn more about our User Device Pen Test.