CVE-2014-6276: Roundup sensitive data disclosure vulnerability

May 17, 2022 (updated October 26, 2024)

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

References

github.com/advisories/GHSA-j556-q367-2gw6
github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
github.com/roundup-tracker/roundup
nvd.nist.gov/vuln/detail/CVE-2014-6276
sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt

Code Behaviors & Features

Detect and mitigate CVE-2014-6276 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →