11 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-33038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives...
SUSE CVE-2021-33038
An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during...
The vulnerability affects software that provides a web interface for accessing GNU Mailman v3 archives and interacting with HyperKitty lists. It allows an attacker to gain access to confidential data.
The vulnerability in the software that provides a web interface for accessing GNU Mailman v3 archives and interacting with HyperKitty lists stems from an error during the import of private distribution list archives, which later became publicly accessible. Exploiting this vulnerability could...
Debian DSA-4922-1 : hyperkitty - security update
Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly...
[SECURITY] [DSA 4922-1] hyperkitty security update
Debian Security Advisory DSA-4922-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2021 https://www.debian.org/security/faq -...
Information Disclosure
hyperkitty is vulnerable to information disclosure. The vulnerability exists because private archives are publicly visible during imports, leading to information disclosure...
DEBIAN-CVE-2021-33038
An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during...
UBUNTU-CVE-2021-33038
An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during...
PYSEC-2021-77
An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during...
mailman: Local users able to read private mailing list archives
It was found that mailman stored private email messages in a world-readable directory. A local user could use this flaw to read private mailing list archives...
USN-78-1: Mailman vulnerability
A path traversal vulnerability has been discovered in the "private" module of Mailman. A flawed path sanitation algorithm allowed the construction of URLs to arbitrary files readable by Mailman. This allowed a remote attacker to retrieve configuration and password databases, private list archive...