AVG-2003 log

Package hyperkitty
Status Fixed
Severity Medium
Type multiple issues
Affected 1.3.4-2
Fixed 1.3.5-1
Current 1.3.8-1 [extra]
Ticket None
Created Wed May 26 16:08:06 2021
Issue Severity Remote Type Description
CVE-2021-35058 Medium No Information disclosure
A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked...
CVE-2021-35057 Medium Yes Private key recovery
A security issue has been found in HyperKitty before version 1.3.5, where the secret archiver key is vulnerable to timing attacks. This is only exploitable...
CVE-2021-33038 Medium Yes Information disclosure
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty before version 1.3.5. When importing a private mailing list's archives,...