[Bug 1186575] New: VUL-1: CVE-2021-33038: python-HyperKitty: information disclosure when importing a private mailing list
http://bugzilla.opensuse.org/show_bug.cgi?id=1186575

Bug ID: 1186575
Summary: VUL-1: CVE-2021-33038: python-HyperKitty: information disclosure when importing a private mailing list
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: Other
URL: https://smash.suse.de/issue/300830/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: pgajdos@suse.com
Reporter: rfrohl@suse.com
QA Contact: security-team@suse.de
CC: mmachova@suse.com
Found By: Security Response Team
Blocker: ---

CVE-2021-33038

An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33038
https://gitlab.com/mailman/hyperkitty/-/issues/380
https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b1...

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1186575#c1
--- Comment #1 from Robert Frohl
http://bugzilla.opensuse.org/show_bug.cgi?id=1186575#c3
--- Comment #3 from OBSbugzilla Bot
Participants (1): bugzilla_noreply@suse.com