CVE-2021-46900
Severity CVSS v4.0:
Pending analysis
Type:
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Publication date:
31/12/2023
Last modified:
17/04/2025
Description
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* | | 6.2.62 (excluding) |
References to Advisories, Solutions, and Tools
- https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md
- https://github.com/sympa-community/sympa/issues/1091
- https://www.sympa.community/security/2021-001.html



