Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/07/09/3 | Mailing List VDB Entry |
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 | Patch |
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d | Patch |
https://sogo.nu/bugs/view.php?id=3695 | Exploit Vendor Advisory |
http://www.openwall.com/lists/oss-security/2016/07/09/3 | Mailing List VDB Entry |
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 | Patch |
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d | Patch |
https://sogo.nu/bugs/view.php?id=3695 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2016/07/09/3 - Mailing List, VDB Entry | |
References | () https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 - Patch | |
References | () https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d - Patch | |
References | () https://sogo.nu/bugs/view.php?id=3695 - Exploit, Vendor Advisory |
20 Dec 2022, 16:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:* |
Information
Published : 2017-02-17 17:59
Updated : 2024-11-21 02:55
NVD link : CVE-2016-6189
Mitre link : CVE-2016-6189
CVE.ORG link : CVE-2016-6189
JSON object : View
Products Affected
alinto
- sogo
CWE
CWE-184
Incomplete List of Disallowed Inputs