CVE-2020-29668
sympa - security update
Severity: LOW (CVSS 3.1 base score 3.7); EPSS: 1.0%
Description
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
How to fix CVE-2020-29668
To remediate CVE-2020-29668, upgrade the affected package to one of the fixed versions listed below.
- Debian/sympa: upgrade to 6.2.58~dfsg-2 or later
- Debian/sympa: upgrade to 6.2.16~dfsg-3+deb9u5 or later
Is CVE-2020-29668 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/sympa: from 0, < 6.2.58~dfsg-2
- Debian/sympa: from 0, < 6.2.16~dfsg-3+deb9u5
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | LOW | 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |