Vulnerability Description
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hyperkitty Project | Hyperkitty | <= 1.3.4 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589PatchThird Party Advisory
- https://gitlab.com/mailman/hyperkitty/-/issues/380ExploitIssue TrackingPatch
- https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-PatchThird Party Advisory
- https://www.debian.org/security/2021/dsa-4922Third Party Advisory
- https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589PatchThird Party Advisory
- https://gitlab.com/mailman/hyperkitty/-/issues/380ExploitIssue TrackingPatch
- https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-PatchThird Party Advisory
- https://www.debian.org/security/2021/dsa-4922Third Party Advisory
FAQ
What is CVE-2021-33038?
CVE-2021-33038 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration ...
How severe is CVE-2021-33038?
CVE-2021-33038 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33038?
Check the references section above for vendor advisories and patch information. Affected products include: Hyperkitty Project Hyperkitty, Debian Debian Linux.