Lucene search
Ubuntu.comUB:CVE-2009-2737HistoryAug 11, 2009 - 12:00 a.m.
CVE-2009-2737
2009-08-1100:00:00
ubuntu.com
ubuntu.com
6
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.002
Percentile
60.0%
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1,
1.4 through 1.4.6, and possibly other versions does not properly check
permissions, which allows remote authenticated users with edit or create
privileges for a class to modify arbitrary items within that class, as
demonstrated by editing all queries, modifying settings, and adding roles
to users.
Bugs
Related
osv
osv
Roundup Improper Access Control
2022-05-02 03:38:04
cvelist
cvelist
CVE-2009-2737
2009-08-11 10:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-2583 (roundup)
2009-03-13 00:00:00
Fedora Core 9 FEDORA-2009-2591 (roundup)
2009-03-13 00:00:00
Debian: Security Advisory (DSA-1754-1)
2009-04-15 00:00:00
github
github
Roundup Improper Access Control
2022-05-02 03:38:04
nvd
nvd
CVE-2009-2737
2009-08-11 10:30:00
prion
prion
Design/Logic Flaw
2009-08-11 10:30:00
nessus
nessus
Fedora 9 : roundup-1.4.6-4.fc9 (2009-2591)
2009-03-12 00:00:00
Debian DSA-1754-1 : roundup - insufficient access checks
2009-04-11 00:00:00
Fedora 10 : roundup-1.4.6-4.fc10 (2009-2583)
2009-04-23 00:00:00
cve
cve
CVE-2009-2737
2009-08-11 10:30:00
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
0.002
Percentile
60.0%
Related for UB:CVE-2009-2737