Permissions, Privileges, and Access Controls in Debian Linux - CVE-2014-6276

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU40387

Permissions, Privileges, and Access Controls in Debian Linux - CVE-2014-6276

Published: April 13, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40387
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-6276
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Debian
Affected software:
Debian Linux

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.


How to mitigate CVE-2014-6276

Install update from vendor's website.

Sources