Lucene search

Ubuntu.comUB:CVE-2021-46900

HistoryDec 31, 2023 - 12:00 a.m.

CVE-2021-46900

2023-12-3100:00:00

ubuntu.com

sympa

security issue

cookie parameter

salt

stored passwords

xss protection

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

Sympa before 6.2.62 relies on a cookie parameter for certain security
objectives, but does not ensure that this parameter exists and has an
unpredictable value. Specifically, the cookie parameter is both a salt for
stored passwords and an XSS protection mechanism.

Bugs

<https://github.com/sympa-community/sympa/issues/1091>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsympa< anyUNKNOWN
ubuntu20.04noarchsympa< anyUNKNOWN
ubuntu16.04noarchsympa< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	sympa	< any	UNKNOWN
ubuntu	20.04	noarch	sympa	< any	UNKNOWN
ubuntu	16.04	noarch	sympa	< any	UNKNOWN

References

github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md

launchpad.net/bugs/cve/CVE-2021-46900

nvd.nist.gov/vuln/detail/CVE-2021-46900

security-tracker.debian.org/tracker/CVE-2021-46900

www.cve.org/CVERecord?id=CVE-2021-46900

www.sympa.community/security/2021-001.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

Related for UB:CVE-2021-46900