Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
References
Link | Resource |
---|---|
https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md | Mitigation Vendor Advisory |
https://github.com/sympa-community/sympa/issues/1091 | Issue Tracking Mitigation Vendor Advisory |
https://www.sympa.community/security/2021-001.html | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-12-31T00:00:00
Updated: 2023-12-31T04:25:34.516148
Reserved: 2023-12-31T00:00:00
Link: CVE-2021-46900
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-31T05:15:08.040
Modified: 2024-01-10T19:22:51.413
Link: CVE-2021-46900
JSON object: View
Redhat Information
No data.
CWE