CVE-2021-35058 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked into the HTTP server logs.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2003	hyperkitty	1.3.4-2	1.3.5-1	Medium	Fixed

References
https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst#security https://gitlab.com/mailman/hyperkitty/-/issues/387 https://gitlab.com/mailman/hyperkitty/-/merge_requests/354 https://gitlab.com/mailman/hyperkitty/-/commit/b415d29d6cc59b3270c35b03ba3313dd03450271

References

https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst#security
https://gitlab.com/mailman/hyperkitty/-/issues/387
https://gitlab.com/mailman/hyperkitty/-/merge_requests/354
https://gitlab.com/mailman/hyperkitty/-/commit/b415d29d6cc59b3270c35b03ba3313dd03450271