CVE-2018-1000671
Published 2018-09-06
CVE-2018-1000671: sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the…
Priority: P3 · 37 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 3.98% (89.2th percentile)
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable if the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in: none available.
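The class of check that closes this kind of hole, as an added example (not Sympa's code and not its actual fix): validate the post-login redirect target before using it, so that data URIs and off-site URLs fall back to a fixed page. The function name, the trusted origin `lists.example.org` and the sample paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the list server's own origin (constructed value).
TRUSTED_SCHEME, TRUSTED_HOST = "https", "lists.example.org"
FALLBACK = "/"  # where to send the user when the target is rejected


def safe_redirect_target(referer, fallback=FALLBACK):
    """Return referer only if it stays on the trusted origin, else fallback."""
    if not referer or referer != referer.strip():
        return fallback
    # Browsers drop control characters and read "\" as "/" when resolving
    # URLs, so reject both instead of trying to normalise them.
    if "\\" in referer or any(ord(c) < 0x20 or ord(c) == 0x7F for c in referer):
        return fallback
    try:
        parts = urlsplit(referer)
    except ValueError:  # e.g. a malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path.
        if referer.startswith("/") and not referer.startswith("//"):
            return referer
        return fallback
    # Absolute target: exact scheme and host match. This rejects data: URIs,
    # scheme-relative "//host" forms, userinfo tricks and other hosts.
    if parts.scheme == TRUSTED_SCHEME and parts.netloc.lower() == TRUSTED_HOST:
        return referer
    return fallback


# Constructed sample values, not taken from any real request.
SAMPLES = [
    "https://lists.example.org/sympa/info/test",
    "/sympa/home",
    "data:text/html,placeholder",
    "//other.example.net/x",
    "/\\other.example.net",
    "https://lists.example.org@other.example.net/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:50} -> {safe_redirect_target(value)!r}")
```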
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | sympa | < sympa 6.2.36~dfsg-1 (bookworm) | sympa 6.2.36~dfsg-1 (bookworm) |
| sympa | sympa | >= 0 < 6.2.36~dfsg-1 | 6.2.36~dfsg-1 |
| sympa | sympa | >= 0 < 6.2.36~dfsg-1 | 6.2.36~dfsg-1 |
| sympa | sympa | >= 0 < 6.2.36~dfsg-1 | 6.2.36~dfsg-1 |
| sympa | sympa | >= 0 < 6.2.36~dfsg-1 | 6.2.36~dfsg-1 |
| sympa | sympa | >= 0 < 6.1.17~dfsg-1ubuntu0.1~esm1 | 6.1.17~dfsg-1ubuntu0.1~esm1 |
| sympa | sympa | >= 0 < 6.1.24~dfsg-1ubuntu0.1~esm1 | 6.1.24~dfsg-1ubuntu0.1~esm1 |
| sympa | sympa | >= 0 < 6.2.24~dfsg-1ubuntu0.1~esm1 | 6.2.24~dfsg-1ubuntu0.1~esm1 |
| sympa | sympa | >= 0 < 6.2.40~dfsg-4ubuntu0.20.04.1~esm1 | 6.2.40~dfsg-4ubuntu0.20.04.1~esm1 |
| sympa | sympa | >= 6.2.16 | — |
CVSS provenance
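| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 6.1 | MEDIUM | — |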
Ubuntu
Sympa vulnerabilities
vendor_ubuntu·2021-03-15·CVSS 9.8
CVE-2018-1000550 [CRITICAL] Sympa vulnerabilities
Title: Sympa vulnerabilities
Summary: Several security issues were fixed in Sympa.
USN-4442-1 fixed vulnerabilities in Sympa. This update provides the
corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu
20.04 ESM. Original advisory details:
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. This issue only affected Ubuntu 16.04
ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could po
Ubuntu
Sympa vulnerabilities
vendor_ubuntu·2020-07-28·CVSS 9.8
CVE-2020-10936 [CRITICAL] Sympa vulnerabilities
Title: Sympa vulnerabilities
Summary: sympa vulnerabilities
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks.
(CVE-2018-1000671)
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2018-1000671: sympa - sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted ...
vendor_debian·2018·CVSS 6.1
CVE-2018-1000671 [MEDIUM] CVE-2018-1000671: sympa - sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted ...
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable if the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in: none available.
Scope: local
bookworm: resolved (fixed in 6.2.36~dfsg-1)
bullseye: resolved (fixed in 6.2.36~dfsg-1)
forky: resolved (fixed in 6.2.36~dfsg-1)
sid: resolved (fixed in 6.2.36~dfsg-1)
trixie: resolved (fixed in 6.2.36~dfsg-1)
GHSA
GHSA-rxx7-mqqx-phw8: sympa version 6
ghsa_unreviewed·2022-05-13
CVE-2018-1000671 [MEDIUM] CWE-601 GHSA-rxx7-mqqx-phw8: sympa version 6
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable if the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in: none available.
OSV
sympa vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2020-10936 [CRITICAL] sympa vulnerabilities
sympa vulnerabilities
USN-4442-1 fixed vulnerabilities in Sympa. This update provides the
corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu
20.04 ESM. Original advisory details:
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. This issue only affected Ubuntu 16.04
ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks. This issue only
OSV
sympa vulnerabilities
osv·2020-07-28·CVSS 9.8
CVE-2018-1000550 [CRITICAL] sympa vulnerabilities
sympa vulnerabilities
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks.
(CVE-2018-1000671)
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
OSV
CVE-2018-1000671: sympa version 6
osv·2018-09-06·CVSS 6.1
CVE-2018-1000671 [MEDIUM] CVE-2018-1000671: sympa version 6
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable if the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in: none available.
No detection rules found.
Nuclei
Sympa version =>6.2.16 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2018-1000671 [MEDIUM] Sympa version =>6.2.16 - Cross-Site Scripting
Sympa version =>6.2.16 - Cross-Site Scripting
Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.
Template:
```yaml
id: CVE-2018-1000671

info:
  name: Sympa version =>6.2.16 - Cross-Site Scripting
  author: 0x_Akoko
  severity: medium
  description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim'
```
https://github.com/sympa-community/sympa/issues/268
https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html
https://usn.ubuntu.com/4442-1/