CVE-2020-29668
3.7LOWSympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Publicado: 12/10/2020Actualizado: 11/21/2024
Descripción
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Análisis IAImpulsado por IA
Productos Afectados
sympasympa
sympasympa
6.2.59
fedoraprojectfedora
32
fedoraprojectfedora
33
debiandebian_linux
9.0
debiandebian_linux
10.0
Referencias
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020Mailing ListThird Party Advisory
- https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.mdRelease NotesThird Party Advisory
- https://github.com/sympa-community/sympa/issues/1041ExploitPatchThird Party Advisory
- https://github.com/sympa-community/sympa/pull/1044PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00026.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/
- https://www.debian.org/security/2020/dsa-4818Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020Mailing ListThird Party Advisory
- https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.mdRelease NotesThird Party Advisory
- https://github.com/sympa-community/sympa/issues/1041ExploitPatchThird Party Advisory
- https://github.com/sympa-community/sympa/pull/1044PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00026.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/
- https://www.debian.org/security/2020/dsa-4818Third Party Advisory