← volver
CVE-2020-29668

CVE-2020-29668

EPSS 2.0%
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.mdhttps://github.com/sympa-community/sympa/issues/1041https://github.com/sympa-community/sympa/pull/1044https://lists.debian.org/debian-lts-announce/2020/12/msg00026.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/https://www.debian.org/security/2020/dsa-4818