Main Vulnerability Database SB2016041326

SB2016041326 - Permissions, Privileges, and Access Controls in Debian Linux

Published: April 13, 2016 Updated: August 9, 2020

Security Bulletin ID SB2016041326

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-6276)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

Remediation

Install update from vendor's website.

References

http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
http://www.debian.org/security/2016/dsa-3502
https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt