← volver
CVE-2016-6190

CVE-2016-6190

EPSS 1.2%
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dhttps://sogo.nu/bugs/view.php?id=3696http://www.openwall.com/lists/oss-security/2016/07/09/3