PT-2008-3041 · Roundup · Roundup

Published 2008-03-24 · Updated 2022-05-01 · CVE-2008-1475

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Roundup version 1.4.4

Description

The issue concerns the xml-rpc server, which fails to check property permissions. This allows attackers to bypass restrictions and edit or read restricted properties using certain methods, specifically the list, display, and set methods.

Recommendations

For Roundup version 1.4.4, update to a version that includes a fix for the xml-rpc server to properly check property permissions.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2008-1475
GHSA-J59J-H3G7-CPMF
PYSEC-2008-10

Affected Products

Roundup