CVE-2018-1000550
sympa - security update
9.8
CRITICAL
CVSS 3.1
EPSS 0.45%
Description
Sympa, from The Sympa Community, in versions prior to 6.2.32 contains a directory traversal vulnerability in the wwsympa.fcgi template editing function that can result in the possibility to create or modify files on the server filesystem. This attack appears to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.
How to fix CVE-2018-1000550
To remediate CVE-2018-1000550, upgrade the affected package to a fixed version below.
- upgrade to 6.2.32~dfsg-1 or later
- upgrade to 6.1.23~dfsg-2+deb8u2 or later
- upgrade to 6.2.16~dfsg-3+deb9u1 or later
Is CVE-2018-1000550 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 6.2.32~dfsg-1
- from 0, < 6.1.23~dfsg-2+deb8u2
- from 0, < 6.2.16~dfsg-3+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |