VDB
CVE-2008-1475
CVE-2008-1475
PUBLISHED
CVSS 6.400000095367432 MEDIUM
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
EPSS 0.60% · 69.8th percentile
Risk Scores
CVSS 2.0
6.400000095367432
EPSS Score
0.60%
69.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| roundup-tracker | roundup | 0, 0.1.0, 0.3.0 |
| PyPI | roundup | 0 |
Timeline
- Mar 24, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 30274 third-party-advisory
- FEDORA-2008-9734 vendor-advisory
- 28238 vdb
- GLSA-200805-21 vendor-advisory
- 29336 third-party-advisory
- http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788 url
- FEDORA-2008-9712 vendor-advisory
- FEDORA-2008-2471 vendor-advisory
- FEDORA-2008-2370 vendor-advisory
- 32805 third-party-advisory
- 29375 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=436546 url
- roundup-xmlrpc-security-bypass(41240) vdb
- ADV-2008-0891 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2008-1475 advisory
- https://github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189 url
- https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-10.yaml url
- https://github.com/roundup-tracker/roundup package
- http://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html url
- http://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html url
…and 2 more