CVE-2008-3717

Description

Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.

Software From Fixed in
harmoni / harmoni - 1.4.7.x
harmoni / harmoni 0.0.2 0.0.2.x
harmoni / harmoni 0.0.3 0.0.3.x
harmoni / harmoni 0.0.4 0.0.4.x
harmoni / harmoni 0.0.5 0.0.5.x
harmoni / harmoni 0.1.0 0.1.0.x
harmoni / harmoni 0.10.1 0.10.1.x
harmoni / harmoni 0.11.0 0.11.0.x
harmoni / harmoni 0.12.0 0.12.0.x
harmoni / harmoni 0.12.1 0.12.1.x
harmoni / harmoni 0.12.3 0.12.3.x
harmoni / harmoni 0.13.0 0.13.0.x
harmoni / harmoni 0.13.1 0.13.1.x
harmoni / harmoni 0.13.2 0.13.2.x
harmoni / harmoni 0.13.3 0.13.3.x
harmoni / harmoni 0.13.4 0.13.4.x
harmoni / harmoni 0.13.5 0.13.5.x
harmoni / harmoni 0.13.6 0.13.6.x
harmoni / harmoni 0.13.7 0.13.7.x
harmoni / harmoni 0.2.0 0.2.0.x
harmoni / harmoni 0.3.0 0.3.0.x
harmoni / harmoni 0.3.1 0.3.1.x
harmoni / harmoni 0.3.2 0.3.2.x
harmoni / harmoni 0.5.1 0.5.1.x
harmoni / harmoni 0.6.0 0.6.0.x
harmoni / harmoni 0.6.2 0.6.2.x
harmoni / harmoni 0.7.0 0.7.0.x
harmoni / harmoni 0.7.1 0.7.1.x
harmoni / harmoni 0.7.2 0.7.2.x
harmoni / harmoni 0.7.6 0.7.6.x
harmoni / harmoni 0.7.7 0.7.7.x
harmoni / harmoni 0.9.0 0.9.0.x
harmoni / harmoni 1.0.0 1.0.0.x
harmoni / harmoni 1.0.1 1.0.1.x
harmoni / harmoni 1.0.2 1.0.2.x
harmoni / harmoni 1.0.3 1.0.3.x
harmoni / harmoni 1.0.5 1.0.5.x
harmoni / harmoni 1.0.6 1.0.6.x
harmoni / harmoni 1.1.0 1.1.0.x
harmoni / harmoni 1.3.0 1.3.0.x
harmoni / harmoni 1.3.2 1.3.2.x
harmoni / harmoni 1.3.4 1.3.4.x
harmoni / harmoni 1.3.5 1.3.5.x
harmoni / harmoni 1.4.2 1.4.2.x
harmoni / harmoni 1.4.6 1.4.6.x