Sympa prior to 6.2.59b.2 allows remote malicious users to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sympa sympa 6.2.59 |
||
sympa sympa |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |