Medium severity4.3NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026

CVE-2014-6276

Description

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
roundupPyPI	< 1.5.1	1.5.1

Affected products

Roundup Tracker/Roundup
cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*
Range: <=1.5.0
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txtnvdPatchWEB
github.com/advisories/GHSA-j556-q367-2gw6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-6276ghsaADVISORY
hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9nvdWEB
www.debian.org/security/2016/dsa-3502nvdWEB
github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000