CVE-2016-6189
4.3MEDIUMIncomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
게시됨: 2/17/2017업데이트됨: 4/20/2025
설명
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
AI 분석AI 기반
영향받는 제품
alintosogo
alintosogo
참조
- http://www.openwall.com/lists/oss-security/2016/07/09/3Mailing ListVDB Entry
- https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225Patch
- https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dPatch
- https://sogo.nu/bugs/view.php?id=3695ExploitVendor Advisory
- http://www.openwall.com/lists/oss-security/2016/07/09/3Mailing ListVDB Entry
- https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225Patch
- https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dPatch
- https://sogo.nu/bugs/view.php?id=3695ExploitVendor Advisory