Vulnerability Description
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sympa | Sympa | >= 6.2.16 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://github.com/sympa-community/sympa/issues/268Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00023.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html
- https://usn.ubuntu.com/4442-1/
- https://github.com/sympa-community/sympa/issues/268Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/09/msg00023.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html
- https://usn.ubuntu.com/4442-1/
FAQ
What is CVE-2018-1000671?
CVE-2018-1000671 is a vulnerability with a CVSS score of 6.1 (MEDIUM). sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Ope...
How severe is CVE-2018-1000671?
CVE-2018-1000671 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000671?
Check the references section above for vendor advisories and patch information. Affected products include: Sympa Sympa, Debian Debian Linux.