CVE-2018-1000671

Priority
Description
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to
Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter
of the wwsympa.fcgi login action that can result in open redirection and
reflected XSS via data URIs. The attack appears to be exploitable when the
victim's browser follows a URL supplied by the attacker. The description
lists no fixed version ("none available").
Notes
Package
Source: sympa (LP Ubuntu Debian)
Upstream: released (6.2.36~dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.04 (Disco Dingo): not-affected (6.2.40~dfsg-1)
Ubuntu 19.10 (Eoan): not-affected (6.2.40~dfsg-1)
Patches:
upstream: https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325
upstream: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1
More Information

Updated: 2019-10-18 02:35:43 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)