Lucene search

GoogleOSV:GHSA-J59J-H3G7-CPMF

HistoryMay 01, 2022 - 11:40 p.m.

Roundup xml-rpc server improper check of property permissions

2022-05-0123:40:33

Google

osv.dev

roundup

xml-rpc

security issue

AI Score

6.6

Confidence

Low

EPSS

0.01

Percentile

83.8%

JSON

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

References

secunia.com/advisories/29336

secunia.com/advisories/29375

secunia.com/advisories/30274

secunia.com/advisories/32805

security.gentoo.org/glsa/glsa-200805-21.xml

sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788

www.securityfocus.com/bid/28238

www.vupen.com/english/advisories/2008/0891

bugzilla.redhat.com/show_bug.cgi?id=436546

exchange.xforce.ibmcloud.com/vulnerabilities/41240

github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189

nvd.nist.gov/vuln/detail/CVE-2008-1475

www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html