Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
References
Link | Resource |
---|---|
https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md | Mitigation Vendor Advisory |
https://github.com/sympa-community/sympa/issues/1091 | Issue Tracking Mitigation Vendor Advisory |
https://www.sympa.community/security/2021-001.html | Mitigation Vendor Advisory |
Configurations
History
10 Jan 2024, 19:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* | |
First Time |
Sympa
Sympa sympa |
|
CWE | CWE-327 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://github.com/sympa-community/sympa/issues/1091 - Issue Tracking, Mitigation, Vendor Advisory | |
References | () https://www.sympa.community/security/2021-001.html - Mitigation, Vendor Advisory | |
References | () https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md - Mitigation, Vendor Advisory |
31 Dec 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-31 05:15
Updated : 2024-02-28 20:54
NVD link : CVE-2021-46900
Mitre link : CVE-2021-46900
CVE.ORG link : CVE-2021-46900
JSON object : View
Products Affected
sympa
- sympa
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm