CVE-2020-29668
LOW3.7EPSS 1.0%sympa - security update
Published: 12/10/2020Modified: 4/28/2026
Description
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Affected packages (2)
- Debian/sympafrom 0, < 6.2.58~dfsg-2
- Debian/sympafrom 0, < 6.2.16~dfsg-3+deb9u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |