CVE-2018-1000671

NameCVE-2018-1000671
Descriptionsympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1512-1, DLA-2441-1
Debian Bugs908165

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sympa (PTS)jessie, jessie (lts)6.1.23~dfsg-2+deb8u3fixed
stretch (security), stretch (lts), stretch6.2.16~dfsg-3+deb9u5fixed
buster (security), buster, buster (lts)6.2.40~dfsg-1+deb10u1fixed
bullseye6.2.60~dfsg-4fixed
bookworm6.2.70~dfsg-2fixed
sid, trixie6.2.72~dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sympasourcewheezy(unfixed)end-of-life
sympasourcejessie6.1.23~dfsg-2+deb8u3DLA-1512-1
sympasourcestretch6.2.16~dfsg-3+deb9u4DLA-2441-1
sympasource(unstable)6.2.36~dfsg-1908165

Notes

https://github.com/sympa-community/sympa/issues/268
https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1
https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325
Search for package or bug name: Reporting problems