
CVE-2021-33038

Published: 26/05/2021 Updated: 04/06/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in management/commands/hyperkitty_import.py in HyperKitty up to and including 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
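The window described above is easiest to see with a small model of an archive importer. The following is an added example written for this page, not HyperKitty's own code: it models a list whose archive defaults to public until the importer sets its policy, and contrasts an importer that applies the source list's privacy only after all messages are loaded (the flaw pattern) with one that applies it before the first message is stored. The names (MailingList, archive_policy, import_vulnerable, import_fixed) and the sample messages are assumptions constructed for illustration.

```python
# Added example, not HyperKitty's code: a simplified model of the import
# exposure window described in CVE-2021-33038. Names (MailingList,
# archive_policy, import_vulnerable, import_fixed) are assumptions.
from dataclasses import dataclass, field
from typing import Callable, List

PUBLIC = "public"
PRIVATE = "private"

# Constructed sample archive: three messages from a private Mailman 2 list.
MESSAGES: List[str] = [
    "From alice: board minutes, do not forward",
    "From bob: salary spreadsheet attached",
    "From carol: incident postmortem draft",
]


@dataclass
class MailingList:
    """Minimal stand-in for an archived list as the web frontend sees it."""
    name: str
    # Assumption: a newly created list defaults to a public archive until the
    # importer says otherwise. That default is what opens the window.
    archive_policy: str = PUBLIC
    messages: List[str] = field(default_factory=list)


def visible_to_anonymous(ml: MailingList) -> bool:
    """What an unauthenticated web request gets: public archives only."""
    return ml.archive_policy == PUBLIC


Observer = Callable[[MailingList], None]


def import_vulnerable(name: str, source_policy: str, messages: List[str],
                      observer: Observer) -> MailingList:
    """Create the list, load every message, then apply the privacy flag.

    The observer runs after each message and stands in for web requests
    that arrive while the import is still in progress.
    """
    ml = MailingList(name)
    for msg in messages:
        ml.messages.append(msg)
        observer(ml)
    ml.archive_policy = source_policy   # too late: messages were already served
    return ml


def import_fixed(name: str, source_policy: str, messages: List[str],
                 observer: Observer) -> MailingList:
    """Apply the source list's privacy before the first message is stored."""
    ml = MailingList(name, archive_policy=source_policy)
    for msg in messages:
        ml.messages.append(msg)
        observer(ml)
    return ml


def exposed_during_import(importer, source_policy: str,
                          messages: List[str] = MESSAGES) -> List[str]:
    """Return the messages an anonymous observer could read mid-import."""
    leaked: List[str] = []

    def observer(ml: MailingList) -> None:
        if visible_to_anonymous(ml):
            leaked.append(ml.messages[-1])

    importer("private-list", source_policy, messages, observer)
    return leaked


if __name__ == "__main__":
    print("vulnerable importer leaked:", exposed_during_import(import_vulnerable, PRIVATE))
    print("fixed importer leaked:     ", exposed_during_import(import_fixed, PRIVATE))
```

For a private list the vulnerable importer leaks every message to the observer; the fixed importer leaks none, while a public list is (correctly) visible in both. The same ordering concern applies to any migration tool that writes records before setting their access policy: make the visibility decision before the first record lands, and keep the web frontend unreachable while a large import runs if the tool cannot be trusted to do so.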


Vulnerable Products

hyperkitty project hyperkitty

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #989183 CVE-2021-33038. Package: src:hyperkitty; Maintainer for src:hyperkitty is Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 27 May 2021 19:12:02 UTC; Severity: grave; Tags: security, upstream; Found in version h ...
Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. during the import of a private Mailman 2 archive the archive was publicly accessible until the import completed. For the stable ...