Lucene search

Veracode Vulnerability DatabaseVERACODE:28565

HistoryDec 11, 2020 - 8:05 a.m.

Authorization Bypass

2020-12-1108:05:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sympa

authorization bypass

vulnerability

soap api

software

remote attackers

authentication

EPSS

0.003

Percentile

67.8%

JSON

sympa is vulnerable to authorization bypass. The vulnerability exists as remote attackers can obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020

github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md

github.com/sympa-community/sympa/issues/1041

github.com/sympa-community/sympa/pull/1044

lists.debian.org/debian-lts-announce/2020/12/msg00026.html

lists.fedoraproject.org/archives/list/[email protected]/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/

lists.fedoraproject.org/archives/list/[email protected]/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/

security-tracker.debian.org/tracker/CVE-2020-29668

www.debian.org/security/2020/dsa-4818

EPSS

0.003

Percentile

67.8%

JSON

Related for VERACODE:28565