CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*

History

10 Jan 2024, 19:22

Type Values Removed Values Added
CPE cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*
First Time Sympa
Sympa sympa
CWE CWE-327
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://github.com/sympa-community/sympa/issues/1091 - () https://github.com/sympa-community/sympa/issues/1091 - Issue Tracking, Mitigation, Vendor Advisory
References () https://www.sympa.community/security/2021-001.html - () https://www.sympa.community/security/2021-001.html - Mitigation, Vendor Advisory
References () https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md - () https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md - Mitigation, Vendor Advisory

31 Dec 2023, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-31 05:15

Updated : 2024-02-28 20:54


NVD link : CVE-2021-46900

Mitre link : CVE-2021-46900

CVE.ORG link : CVE-2021-46900


JSON object : View

Products Affected

sympa

  • sympa
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm