CVE-2009-2737

EUVD-2022-3443
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
toni_muellerroundup
1.2.0
toni_muellerroundup
1.4.0
toni_muellerroundup
1.4.1
toni_muellerroundup
1.4.2
toni_muellerroundup
1.4.3
toni_muellerroundup
1.4.4
toni_muellerroundup
1.4.5
toni_muellerroundup
1.4.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
roundup
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518768
http://issues.roundup-tracker.org/issue2550521
http://secunia.com/advisories/34192
http://www.debian.org/security/2009/dsa-1754
http://www.osvdb.org/56368
http://www.securityfocus.com/bid/34059
https://bugzilla.redhat.com/show_bug.cgi?id=489355
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00429.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00439.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518768
http://issues.roundup-tracker.org/issue2550521
http://secunia.com/advisories/34192
http://www.debian.org/security/2009/dsa-1754
http://www.osvdb.org/56368
http://www.securityfocus.com/bid/34059
https://bugzilla.redhat.com/show_bug.cgi?id=489355
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00429.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00439.html