CVE-2016-6189
4.3MEDIUMIncomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
Publicado: 2/17/2017Atualizado: 4/20/2025
Descrição
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
Análise IADesenvolvido por IA
Produtos Afetados
alintosogo
alintosogo
Referências
- http://www.openwall.com/lists/oss-security/2016/07/09/3Mailing ListVDB Entry
- https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225Patch
- https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dPatch
- https://sogo.nu/bugs/view.php?id=3695ExploitVendor Advisory
- http://www.openwall.com/lists/oss-security/2016/07/09/3Mailing ListVDB Entry
- https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225Patch
- https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dPatch
- https://sogo.nu/bugs/view.php?id=3695ExploitVendor Advisory