Lucene search
GoogleOSV:CVE-2020-29668HistoryDec 10, 2020 - 8:15 a.m.
CVE-2020-29668
2020-12-1008:15:11
Google
osv.dev
14
sympa
remote access
vulnerability
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020
github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md
github.com/sympa-community/sympa/issues/1041
github.com/sympa-community/sympa/pull/1044
lists.debian.org/debian-lts-announce/2020/12/msg00026.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/
www.debian.org/security/2020/dsa-4818
Related
debian
debian
[SECURITY] [DLA 2499-1] sympa security update
2020-12-17 14:07:03
[SECURITY] [DSA 4818-1] sympa security update
2020-12-23 21:53:10
[SECURITY] [DSA 4818-1] sympa security update
2020-12-23 21:53:10
veracode
veracode
Authorization Bypass
2020-12-11 08:05:57
freebsd
freebsd
sympa -- Unauthorised full access via SOAP API due to illegal cookie
2020-11-24 00:00:00
nessus
nessus
Fedora 32 : sympa (2021-a5570c5281)
2021-01-13 00:00:00
Debian DLA-2499-1 : sympa security update
2020-12-18 00:00:00
osv
osv
sympa - security update
2020-12-17 00:00:00
sympa - security update
2020-12-23 00:00:00
prion
prion
Code injection
2020-12-10 08:15:00
cvelist
cvelist
CVE-2020-29668
2020-12-10 07:53:33
openvas
openvas
Fedora: Security Advisory for sympa (FEDORA-2021-11cb6626e2)
2021-01-13 00:00:00
Sympa < 6.2.60 SOAP API Vulnerability
2020-12-15 00:00:00
Debian: Security Advisory (DLA-2499-1)
2020-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: sympa-6.2.60-1.fc33
2021-01-13 01:59:49
[SECURITY] Fedora 32 Update: sympa-6.2.60-1.fc32
2021-01-13 01:36:03
cve
cve
CVE-2020-29668
2020-12-10 08:15:11
ubuntucve
ubuntucve
CVE-2020-29668
2020-12-10 00:00:00
debiancve
debiancve
CVE-2020-29668
2020-12-10 08:15:11
nvd
nvd
CVE-2020-29668
2020-12-10 08:15:11