Lucene search

K

GoogleOSV:CVE-2020-29668

HistoryDec 10, 2020 - 8:15 a.m.

CVE-2020-29668

2020-12-1008:15:11

Google

osv.dev

10

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

CPENameOperatorVersion
sympaeq6.2.57b.1
sympaeq6.2.38
sympaeq6.2.41b.1
sympaeq6.2.45b.1
sympaeq6.2.16
sympaeq6.2.32
sympaeq6.2.48
sympaeq6.2.52
sympaeq6.2.36
sympaeq6.2.43b.2

Rows per page:

1-10 of 501

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020

github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md

github.com/sympa-community/sympa/issues/1041

github.com/sympa-community/sympa/pull/1044

lists.debian.org/debian-lts-announce/2020/12/msg00026.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/

www.debian.org/security/2020/dsa-4818

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

67.8%

Related for OSV:CVE-2020-29668

freebsd1 veracode1 debian3 nessus5 fedora2 openvas5 cve1 osv2 cvelist1 prion1 nvd1 ubuntucve1 debiancve1