{"id":"PYSEC-2008-10","details":"The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.","aliases":["CVE-2008-1475","GHSA-j59j-h3g7-cpmf"],"modified":"2026-06-10T17:02:36.127057066Z","published":"2008-03-24T22:44:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=436546"},{"type":"WEB","url":"http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/28238"},{"type":"ADVISORY","url":"http://secunia.com/advisories/29336"},{"type":"ADVISORY","url":"http://secunia.com/advisories/29375"},{"type":"ADVISORY","url":"http://secunia.com/advisories/30274"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200805-21.xml"},{"type":"ADVISORY","url":"http://secunia.com/advisories/32805"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2008/0891"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41240"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-j59j-h3g7-cpmf"}],"affected":[{"package":{"name":"roundup","ecosystem":"PyPI","purl":"pkg:pypi/roundup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.5"}]}],"versions":["0.5.9","0.6.11","0.6.8","0.6.9","0.7.0","0.7.0b3","0.7.1","0.7.11","0.7.12","0.7.2","0.7.3","0.7.4","0.7.5","0.7.7","0.7.8","0.7.9","0.8.0","0.8.0b1","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.9.0b1","1.0","1.0.1","1.1.0","1.1.1","1.1.2","1.2.0","1.2.1","1.3.0","1.3.1","1.3.2","1.3.3","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/roundup/PYSEC-2008-10.yaml"}}],"schema_version":"1.7.5"}