描述
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
AI分析AI驱动
受影响产品
sympasympa
sympasympa
6.2.59
fedoraprojectfedora
32
fedoraprojectfedora
33
debiandebian_linux
9.0
debiandebian_linux
10.0
参考资料
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020Mailing ListThird Party Advisory
- https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.mdRelease NotesThird Party Advisory
- https://github.com/sympa-community/sympa/issues/1041ExploitPatchThird Party Advisory
- https://github.com/sympa-community/sympa/pull/1044PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00026.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/
- https://www.debian.org/security/2020/dsa-4818Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020Mailing ListThird Party Advisory
- https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.mdRelease NotesThird Party Advisory
- https://github.com/sympa-community/sympa/issues/1041ExploitPatchThird Party Advisory
- https://github.com/sympa-community/sympa/pull/1044PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/12/msg00026.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/
- https://www.debian.org/security/2020/dsa-4818Third Party Advisory