CVE-2008-1475
CRITICAL 9.1 | EPSS 0.60% | Roundup xml-rpc server improper check of property permissions
Published: 2022/5/1 | Modified: 2025/4/9
Description
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Affected packages (2)
- PyPI/roundup: from 0, < 1.4.5
- PyPI/roundup: from 0, < 1.4.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Reference links (22)
- ADVISORY: http://secunia.com/advisories/29336
- ADVISORY: http://secunia.com/advisories/29375
- ADVISORY: http://secunia.com/advisories/30274
- ADVISORY: http://secunia.com/advisories/32805
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2008-1475
- ADVISORY: http://www.vupen.com/english/advisories/2008/0891
- PATCH: https://github.com/roundup-tracker/roundup
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=436546
- WEB: http://security.gentoo.org/glsa/glsa-200805-21.xml
- WEB: https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-10.yaml
- WEB: https://github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189
- WEB: http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
- WEB: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
- WEB: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
- WEB: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
- WEB: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
- WEB: http://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
- WEB: http://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
- WEB: http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
- WEB: http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
- WEB: http://www.securityfocus.com/bid/28238