CVE-2009-2737

Published Aug 11, 2009

Last updated 15 years ago

CVSS info 5.5

Overview

Description: The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56733697-252E-46D4-9D1E-592EA9B07946"
          },
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B77E0664-DD8A-416B-A634-D20400699106"
          },
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2841E10E-228B-4D0E-841A-73B19ECF1113"
          },
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21E28655-E926-4DA1-B447-3A04733C326C"
          },
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82AED6E0-89EB-4C27-AA82-D256D5FDBADE"
          },
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44789245-3D9B-444C-921A-BF0E8E8002FD"
          },
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12164E11-5161-4CD5-9F0E-D4E496733F37"
          },
          {
            "criteria": "cpe:2.3:a:toni_mueller:roundup:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "424BBB10-A647-4B09-A838-5F4A05718B00"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References