Cross-Site Scripting Vulnerability in Roundup Bug Tracker Software
CVE-2019-10904

6.1MEDIUM

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
6 April 2019

Summary

Roundup version 1.6 is susceptible to Cross-Site Scripting (XSS) attacks due to improper handling of 404 errors in the 'roundup.cgi' and 'roundup/cgi/wsgi_handler.py' components. When users encounter a 404 error, attackers can exploit this vulnerability by crafting malicious URIs that could potentially lead to unauthorized access and data leakage. Organizations using Roundup should prioritize this issue to safeguard against security breaches.

References

https://github.com/python/bugs.python.org/issues/34
x_refsource_MISC
https://bugs.python.org/issue36391
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2019/04/05/1
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.