GitHub Advisory DatabaseGHSA-J59J-H3G7-CPMFRoundup xml-rpc server improper check of property permissions
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
83.8%
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Affected configurations
References
secunia.com/advisories/29336
secunia.com/advisories/29375
secunia.com/advisories/30274
secunia.com/advisories/32805
security.gentoo.org/glsa/glsa-200805-21.xml
sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
www.securityfocus.com/bid/28238
www.vupen.com/english/advisories/2008/0891
bugzilla.redhat.com/show_bug.cgi?id=436546
exchange.xforce.ibmcloud.com/vulnerabilities/41240
github.com/advisories/GHSA-j59j-h3g7-cpmf
github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189
nvd.nist.gov/vuln/detail/CVE-2008-1475
www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
83.8%