CVE-2008-1475

EUVD-2008-0009
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
roundup-trackerroundup
𝑥
≤ 1.4.3
roundup-trackerroundup
0.1.0
roundup-trackerroundup
0.1.1
roundup-trackerroundup
0.1.2
roundup-trackerroundup
0.1.3
roundup-trackerroundup
0.2.0
roundup-trackerroundup
0.2.1
roundup-trackerroundup
0.2.2
roundup-trackerroundup
0.2.3
roundup-trackerroundup
0.2.4
roundup-trackerroundup
0.2.5
roundup-trackerroundup
0.2.6
roundup-trackerroundup
0.2.7
roundup-trackerroundup
0.2.8
roundup-trackerroundup
0.3.0
roundup-trackerroundup
0.3.0:pre1
roundup-trackerroundup
0.3.0:pre2
roundup-trackerroundup
0.3.0:pre3
roundup-trackerroundup
0.4.0
roundup-trackerroundup
0.4.0:b1
roundup-trackerroundup
0.4.0:b2
roundup-trackerroundup
0.4.1
roundup-trackerroundup
0.4.2
roundup-trackerroundup
0.4.2:pr1
roundup-trackerroundup
0.5
roundup-trackerroundup
0.5.0
roundup-trackerroundup
0.5.0:beta1
roundup-trackerroundup
0.5.0:beta2
roundup-trackerroundup
0.5.0:pr1
roundup-trackerroundup
0.5.1
roundup-trackerroundup
0.5.2
roundup-trackerroundup
0.5.3
roundup-trackerroundup
0.5.4
roundup-trackerroundup
0.5.5
roundup-trackerroundup
0.5.6
roundup-trackerroundup
0.5.7
roundup-trackerroundup
0.5.8:stable
roundup-trackerroundup
0.5.9
roundup-trackerroundup
0.6.0
roundup-trackerroundup
0.6.0:b1
roundup-trackerroundup
0.6.0:b2
roundup-trackerroundup
0.6.0:b3
roundup-trackerroundup
0.6.0:b4
roundup-trackerroundup
0.6.1
roundup-trackerroundup
0.6.2
roundup-trackerroundup
0.6.3
roundup-trackerroundup
0.6.4
roundup-trackerroundup
0.6.5
roundup-trackerroundup
0.6.6
roundup-trackerroundup
0.6.7
roundup-trackerroundup
0.6.8
roundup-trackerroundup
0.6.9
roundup-trackerroundup
0.6.10
roundup-trackerroundup
0.6.11
roundup-trackerroundup
0.7.0
roundup-trackerroundup
0.7.0:b1
roundup-trackerroundup
0.7.0:b2
roundup-trackerroundup
0.7.0:b3
roundup-trackerroundup
0.7.1
roundup-trackerroundup
0.7.2
roundup-trackerroundup
0.7.3
roundup-trackerroundup
0.7.4
roundup-trackerroundup
0.7.5
roundup-trackerroundup
0.7.6
roundup-trackerroundup
0.7.7
roundup-trackerroundup
0.7.8
roundup-trackerroundup
0.7.9
roundup-trackerroundup
0.7.10
roundup-trackerroundup
0.7.11
roundup-trackerroundup
0.7.12
roundup-trackerroundup
0.8.0
roundup-trackerroundup
0.8.0:b1
roundup-trackerroundup
0.8.0:b2
roundup-trackerroundup
0.8.1
roundup-trackerroundup
0.8.2
roundup-trackerroundup
0.8.3
roundup-trackerroundup
0.8.4
roundup-trackerroundup
0.8.5
roundup-trackerroundup
0.8.6
roundup-trackerroundup
0.9.0:b1
roundup-trackerroundup
1.0
roundup-trackerroundup
1.0.1
roundup-trackerroundup
1.1.0
roundup-trackerroundup
1.1.1
roundup-trackerroundup
1.1.2
roundup-trackerroundup
1.2.0
roundup-trackerroundup
1.2.1
roundup-trackerroundup
1.3.0
roundup-trackerroundup
1.3.1
roundup-trackerroundup
1.3.2
roundup-trackerroundup
1.3.3
roundup-trackerroundup
1.4.0
roundup-trackerroundup
1.4.1
roundup-trackerroundup
1.4.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
roundup
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/29336
http://secunia.com/advisories/29375
http://secunia.com/advisories/30274
http://secunia.com/advisories/32805
http://security.gentoo.org/glsa/glsa-200805-21.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
http://www.securityfocus.com/bid/28238
http://www.vupen.com/english/advisories/2008/0891
https://bugzilla.redhat.com/show_bug.cgi?id=436546
https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
http://secunia.com/advisories/29336
http://secunia.com/advisories/29375
http://secunia.com/advisories/30274
http://secunia.com/advisories/32805
http://security.gentoo.org/glsa/glsa-200805-21.xml
http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
http://www.securityfocus.com/bid/28238
http://www.vupen.com/english/advisories/2008/0891
https://bugzilla.redhat.com/show_bug.cgi?id=436546
https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html