Lucene search
MitreCVELIST:CVE-2020-29668HistoryDec 10, 2020 - 7:53 a.m.
CVE-2020-29668
2020-12-1007:53:33
mitre
www.cve.org
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020
github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md
github.com/sympa-community/sympa/issues/1041
github.com/sympa-community/sympa/pull/1044
lists.debian.org/debian-lts-announce/2020/12/msg00026.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/
www.debian.org/security/2020/dsa-4818
Related
freebsd
freebsd
sympa -- Unauthorised full access via SOAP API due to illegal cookie
2020-11-24 00:00:00
veracode
veracode
Authorization Bypass
2020-12-11 08:05:57
debian
debian
[SECURITY] [DLA 2499-1] sympa security update
2020-12-17 14:07:03
[SECURITY] [DSA 4818-1] sympa security update
2020-12-23 21:53:10
[SECURITY] [DSA 4818-1] sympa security update
2020-12-23 21:53:10
nessus
nessus
Debian DLA-2499-1 : sympa security update
2020-12-18 00:00:00
Fedora 32 : sympa (2021-a5570c5281)
2021-01-13 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: sympa-6.2.60-1.fc33
2021-01-13 01:59:49
[SECURITY] Fedora 32 Update: sympa-6.2.60-1.fc32
2021-01-13 01:36:03
openvas
openvas
Sympa < 6.2.60 SOAP API Vulnerability
2020-12-15 00:00:00
Fedora: Security Advisory for sympa (FEDORA-2021-11cb6626e2)
2021-01-13 00:00:00
Debian: Security Advisory (DLA-2499-1)
2020-12-18 00:00:00
cve
cve
CVE-2020-29668
2020-12-10 08:15:11
osv
osv
sympa - security update
2020-12-17 00:00:00
CVE-2020-29668
2020-12-10 08:15:11
sympa - security update
2020-12-23 00:00:00
prion
prion
Code injection
2020-12-10 08:15:00
ubuntucve
ubuntucve
CVE-2020-29668
2020-12-10 00:00:00
debiancve
debiancve
CVE-2020-29668
2020-12-10 08:15:11
nvd
nvd
CVE-2020-29668
2020-12-10 08:15:11