CVE-2020-29668
LOW3.7EPSS 1.0%sympa - security update
發布日:2020/12/10修改日:2026/4/28
也稱為:DEBIAN-CVE-2020-29668
描述
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
受影響套件(2)
- Debian/sympafrom 0, < 6.2.58~dfsg-2
- Debian/sympafrom 0, < 6.2.16~dfsg-3+deb9u5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |