CVE-2016-6189
4.3MEDIUMIncomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
Опубликовано: 2/17/2017Обновлено: 4/20/2025
Описание
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
ИИ-АнализНа базе ИИ
Затронутые продукты
alintosogo
alintosogo
Ссылки
- http://www.openwall.com/lists/oss-security/2016/07/09/3Mailing ListVDB Entry
- https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225Patch
- https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dPatch
- https://sogo.nu/bugs/view.php?id=3695ExploitVendor Advisory
- http://www.openwall.com/lists/oss-security/2016/07/09/3Mailing ListVDB Entry
- https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225Patch
- https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dPatch
- https://sogo.nu/bugs/view.php?id=3695ExploitVendor Advisory