CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
83.8%
The xml-rpc server in Roundup 1.4.4 does not check property permissions,
which allows attackers to bypass restrictions and edit or read restricted
properties via the (1) list, (2) display, and (3) set methods.
Author | Note |
---|---|
jdstrand | per Debian, code introduced in 1.4.0 |