Lucene search
GoogleOSV:GHSA-H39G-Q63V-4H9PHistoryJun 01, 2021 - 9:56 p.m.
Exposure of sensitive information to an unauthorized actor in HyperKitty
2021-06-0121:56:23
Google
osv.dev
2
0.007 Low
EPSS
Percentile
80.6%
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty prior to 1.3.5. When importing a private mailing list’s archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hyperkitty | eq | 1.3.4 | |
| hyperkitty | eq | 0.1.7 | |
| hyperkitty | eq | 1.3.4rc2 | |
| hyperkitty | eq | 0.1 | |
| hyperkitty | eq | 1.3.4rc1 | |
| hyperkitty | eq | 1.3.3 | |
| hyperkitty | eq | 1.3.3rc2 | |
| hyperkitty | eq | 0.1.4 | |
| hyperkitty | eq | 1.2.0a1 | |
| hyperkitty | eq | 1.1.4 |
References
gitlab.com/mailman/hyperkitty
gitlab.com/mailman/hyperkitty/-/blob/master/doc/news.rst#L83-L87
gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
gitlab.com/mailman/hyperkitty/-/issues/380
nvd.nist.gov/vuln/detail/CVE-2021-33038
techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3
www.debian.org/security/2021/dsa-4922
Related
prion
prion
Command injection
2021-05-26 14:15:00
github
github
Exposure of sensitive information to an unauthorized actor in HyperKitty
2021-06-01 21:56:23
nessus
nessus
Debian DSA-4922-1 : hyperkitty - security update
2021-06-01 00:00:00
openSUSE Security Update : python-HyperKitty (openSUSE-2021-861)
2021-06-10 00:00:00
veracode
veracode
Information Disclosure
2021-05-27 03:51:34
osv
osv
PYSEC-2021-77
2021-05-26 14:15:00
hyperkitty - security update
2021-05-29 00:00:00
CVE-2021-33038
2021-05-26 14:15:08
ubuntucve
ubuntucve
CVE-2021-33038
2021-05-26 00:00:00
suse
suse
Security update for python-HyperKitty (moderate)
2021-06-09 00:00:00
gitlab
gitlab
Information Exposure
2021-05-26 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4922-1)
2021-05-30 00:00:00
openSUSE: Security Advisory for python-HyperKitty (openSUSE-SU-2021:0861-1)
2021-06-10 00:00:00
debian
debian
[SECURITY] [DSA 4922-1] hyperkitty security update
2021-05-29 10:45:44
nvd
nvd
CVE-2021-33038
2021-05-26 14:15:08
cve
cve
CVE-2021-33038
2021-05-26 14:15:08
cvelist
cvelist
CVE-2021-33038
2021-05-26 13:51:14
debiancve
debiancve
CVE-2021-33038
2021-05-26 14:15:08