CVE-2021-46900

Опубликовано: 31 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.

Ссылки

https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md
Mitigation
Vendor Advisory
https://github.com/sympa-community/sympa/issues/1091
Issue Tracking
Mitigation
Vendor Advisory
https://www.sympa.community/security/2021-001.html
Mitigation
Vendor Advisory
https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md
Mitigation
Vendor Advisory
https://github.com/sympa-community/sympa/issues/1091
Issue Tracking
Mitigation
Vendor Advisory
https://www.sympa.community/security/2021-001.html
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*

Версия до 6.2.62 (исключая)

EPSS

Процентиль: 33%

0.00127

Низкий

7.5 High

CVSS3

Дефекты

CWE-327

Связанные уязвимости

CVE-2021-46900

CVSS3: 7.5

ubuntu

около 2 лет назад

CVE-2021-46900

CVSS3: 7.5

debian

около 2 лет назад

Sympa before 6.2.62 relies on a cookie parameter for certain security ...

GHSA-qvwx-3j2c-25v2

CVSS3: 7.5

github

около 2 лет назад

EPSS

Процентиль: 33%

0.00127

Низкий

7.5 High

CVSS3

Дефекты

CWE-327