CVE-2021-35058 - log back

CVE-2021-35058 edited at 21 Oct 2021 09:12:33
Type
- Private key recovery
+ Information disclosure
References
https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst#security
https://gitlab.com/mailman/hyperkitty/-/issues/387
https://gitlab.com/mailman/hyperkitty/-/merge_requests/354
https://gitlab.com/mailman/hyperkitty/-/commit/b415d29d6cc59b3270c35b03ba3313dd03450271
CVE-2021-35058 edited at 21 Oct 2021 09:12:23
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Private key recovery
Description
+ A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked into the HTTP server logs.
References
+ https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst#security
+ https://gitlab.com/mailman/hyperkitty/-/issues/387
+ https://gitlab.com/mailman/hyperkitty/-/merge_requests/354
+ https://gitlab.com/mailman/hyperkitty/-/commit/b415d29d6cc59b3270c35b03ba3313dd03450271
CVE-2021-35058 created at 21 Oct 2021 09:02:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes