Insufficient Attribute Limitation in Roundup Schema Allows Unauthorized User Information Access

Insufficient Attribute Limitation in Roundup Schema Allows Unauthorized User Information Access

CVE-2014-6276 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

Learn more about our User Device Pen Test.