oss-sec mailing list archives
Possible CVE request: sympa: vulnerability in the web interface
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 20 Jan 2015 16:45:55 +0100
Hi,

I would like to ask if a CVE could be assigned for the following issue (it is not clear if upstream has already requested one):

https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting

The advisory reads:
A vulnerability has been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows sending to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Sympa web interface newsletter posting area.
Upstream patch:

https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.1-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=11562&r2=11778&view=patch

Thanks in advance,

Regards,
Salvatore