PT-2018-3642 · Sympa+2

Hmpf · Published 2018-04-16 · Updated 2021-03-15 · CVE-2018-1000671

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sympa versions 6.2.16 and later

Description

An open redirect vulnerability in the referer parameter of the wwsympa.fcgi login action can result in open redirection and reflected XSS via data URIs. It can be exploited if a victim's browser follows a URL supplied by the attacker, potentially impacting the confidentiality and integrity of protected information.

Recommendations

For Sympa versions 6.2.16 and later, as a temporary workaround, consider restricting access to the referer parameter in the wwsympa.fcgi login action until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
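
One way to restrict a referer-style redirect value before it is used, shown as an added example (not Sympa's code or its fix): an allowlist check that rejects data: URIs and off-site hosts. The host name lists.example.org, the fallback path /sympa and both function names are assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical deployment values, not taken from the advisory.
ALLOWED_HOSTS = {"lists.example.org"}
DEFAULT_TARGET = "/sympa"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for same-site http(s) URLs or local absolute paths."""
    if not target or len(target) > 2048:
        return False
    # Whitespace and control characters are stripped by browsers and "\" is
    # treated like "/", so values containing them are rejected outright.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in target) or "\\" in target:
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: accept a local absolute path, never "//host".
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # blocks data:, javascript: and other schemes
    if parts.username is not None:
        return False  # "https://trusted@other-host/" style confusion
    return (parts.hostname or "").lower() in allowed_hosts


def login_redirect_target(referer_param, allowed_hosts=ALLOWED_HOSTS):
    """Value to redirect to after login; falls back to a fixed local page."""
    if is_safe_redirect(referer_param, allowed_hosts):
        return referer_param
    return DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values for illustration.
    samples = [
        "/sympa/info/mylist",
        "https://lists.example.org/sympa/home",
        "https://other.example/",
        "//other.example/x",
        "data:text/html,hello",
    ]
    for value in samples:
        print(f"{value!r:45} -> {login_redirect_target(value)}")
```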

Open Redirect


Weakness Enumeration

Related Identifiers

BDU:2021-02275
CVE-2018-1000671
DLA-1512-1
DLA-2441-1
USN-4442-1
USN-4442-2

Affected Products

Linuxmint
Ubuntu
Sympa