CVE-2012-2352Sympa vulnerability

CWE-2644 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 20.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SympaDebian Sympa
Timeline
PublishedMay 31
Latest updateMay 17

Description

The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/sympa< sympa 6.1.11~dfsg-1 (bookworm)
Debiansympa/sympa< 6.1.11~dfsg-1+3
NVDsympa/sympa6.1.10+158

🔴Vulnerability Details

2
GHSA
GHSA-6v7x-rrr8-6jrv: The archive management (arc_manage) page in wwsympa/wwsympa2022-05-17
OSV
CVE-2012-2352: The archive management (arc_manage) page in wwsympa/wwsympa2012-05-31

📋Vendor Advisories

1
Debian
CVE-2012-2352: sympa - The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa bef...2012
CVE-2012-2352 — Debian Sympa vulnerability | cvebase