Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200805-21
HistoryMay 27, 2008 - 12:00 a.m.

Roundup: Permission bypass

2008-05-2700:00:00
Gentoo Foundation
security.gentoo.org
9

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.012 Low

EPSS

Percentile

85.4%

JSON

Background

Roundup is an issue-tracking system with command-line, web and e-mail interfaces.

Description

Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474).

Impact

A remote attacker could possibly exploit the first vulnerability to edit or view restricted properties via the list(), display(), and set() methods. The impact and attack vectors of the second vulnerability are unknown.

Workaround

There is no known workaround at this time.

Resolution

All Roundup users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/roundup-1.4.4-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-apps/roundup< 1.4.4-r1UNKNOWN

Related

nessus 6
openvas 14
securityvulns 4
github 2
osv 4
ubuntucve 2
redhatcve 2
debian 3
veracode 2
cve 2
prion 2
fedora 2
nessus
nessus
Fedora 7 : roundup-1.4.4-1.fc7 (2008-2370)
2008-03-13 00:00:00
GLSA-200805-21 : Roundup: Permission bypass
2008-05-28 00:00:00
Fedora 8 : roundup-1.4.4-1.fc8 (2008-2471)
2008-03-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200805-21 (roundup)
2008-09-24 00:00:00
Fedora Update for roundup FEDORA-2008-2471
2009-02-16 00:00:00
Gentoo Security Advisory GLSA 200805-21 (roundup)
2008-09-24 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2008-04-24 00:00:00
[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability
2008-04-24 00:00:00
[SECURITY] [DSA 1554-2] New roundup packages fix regression
2008-05-08 00:00:00
github
github
Roundup vulnerability related to Cross-site scripting (XSS)
2022-05-01 23:40:33
Roundup xml-rpc server improper check of property permissions
2022-05-01 23:40:33
osv
osv
Roundup vulnerability related to Cross-site scripting (XSS)
2022-05-01 23:40:33
PYSEC-2008-9
2008-03-24 22:44:00
PYSEC-2008-10
2008-03-24 22:44:00
ubuntucve
ubuntucve
CVE-2008-1474
2008-03-24 00:00:00
CVE-2008-1475
2008-03-24 00:00:00
redhatcve
redhatcve
CVE-2008-1474
2019-10-04 22:02:03
CVE-2008-1475
2019-10-04 22:02:05
debian
debian
[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability
2008-04-22 21:33:57
[SECURITY] [DSA 1554-2] New roundup packages fix regression
2008-05-06 11:29:13
[SECURITY] [DSA 1554-1] New roundup packages fix cross-site scripting vulnerability
2008-04-22 21:33:54
veracode
veracode
Cross Site Scripting(XSS)
2024-04-30 11:05:03
Authorization Bypass
2024-04-30 11:35:35
cve
cve
CVE-2008-1474
2008-03-24 22:44:00
CVE-2008-1475
2008-03-24 22:44:00
prion
prion
Cross site scripting
2008-03-24 22:44:00
Design/Logic Flaw
2008-03-24 22:44:00
fedora
fedora
[SECURITY] Fedora 8 Update: roundup-1.4.6-1.fc8
2008-11-19 14:48:40
[SECURITY] Fedora 9 Update: roundup-1.4.6-1.fc9
2008-11-19 14:51:49

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.012 Low

EPSS

Percentile

85.4%

JSON
Related for GLSA-200805-21
nessus6openvas14securityvulns4github2osv4ubuntucve2redhatcve2debian3veracode2cve2prion2fedora2