DEBIAN-CVE-2018-1000550

Source
https://security-tracker.debian.org/tracker/CVE-2018-1000550
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2018-1000550.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2018-1000550
Upstream
Published
2018-06-26T16:29:02Z
Modified
2025-09-25T22:40:38Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32.

References

Affected packages

Debian:11 / sympa

Package

Name
sympa
Purl
pkg:deb/debian/sympa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.32~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / sympa

Package

Name
sympa
Purl
pkg:deb/debian/sympa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.32~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / sympa

Package

Name
sympa
Purl
pkg:deb/debian/sympa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.32~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / sympa

Package

Name
sympa
Purl
pkg:deb/debian/sympa?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.32~dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}