hyperkitty
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A web interface to access GNU Mailman v3 archives |
| Version | 1.3.12-6 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2003 | 1.3.4-2 | 1.3.5-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-35058 | AVG-2003 | Medium | No | Information disclosure | A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked... |
| CVE-2021-35057 | AVG-2003 | Medium | Yes | Private key recovery | A security issue has been found in HyperKitty before version 1.3.5, where the secret archiver key is vulnerable to timing attacks. This is only exploitable... |
| CVE-2021-33038 | AVG-2003 | Medium | Yes | Information disclosure | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty before version 1.3.5. When importing a private mailing list's archives,... |