AVG-2003 log
Package | hyperkitty |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 1.3.4-2 |
Fixed | 1.3.5-1 |
Current | 1.3.12-2 [extra] |
Ticket | None |
Created | Wed May 26 16:08:06 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-35058 | Medium | No | Information disclosure | A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked... |
CVE-2021-35057 | Medium | Yes | Private key recovery | A security issue has been found in HyperKitty before version 1.3.5, where the secret archiver key is vulnerable to timing attacks. This is only exploitable... |
CVE-2021-33038 | Medium | Yes | Information disclosure | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty before version 1.3.5. When importing a private mailing list's archives,... |