CVE-2020-29668

Published December 10th, 2020

View on NVD ↗

CVSS v3

3.7

LOW

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

sympa-community/sympa

Sympa, Mailing List Management Software

GitHub

299