hyperkitty

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A web interface to access GNU Mailman v3 archives
Version 1.3.12-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2003 1.3.4-2 1.3.5-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-35058 AVG-2003 Medium No Information disclosure
A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked...
CVE-2021-35057 AVG-2003 Medium Yes Private key recovery
A security issue has been found in HyperKitty before version 1.3.5, where the secret archiver key is vulnerable to timing attacks. This is only exploitable...
CVE-2021-33038 AVG-2003 Medium Yes Information disclosure
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty before version 1.3.5. When importing a private mailing list's archives,...