CVE Vulnerabilities

CVE-2020-10936

Improper Privilege Management

Published: May 27, 2020 | Modified: Nov 07, 2023
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
HIGH

Sympa before 6.2.56 allows privilege escalation.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Sympa Sympa * 6.2.56 (excluding)
Sympa Ubuntu bionic *
Sympa Ubuntu eoan *
Sympa Ubuntu esm-apps/bionic *
Sympa Ubuntu esm-apps/focal *
Sympa Ubuntu esm-apps/xenial *
Sympa Ubuntu focal *
Sympa Ubuntu groovy *
Sympa Ubuntu hirsute *
Sympa Ubuntu trusty *
Sympa Ubuntu trusty/esm *
Sympa Ubuntu upstream *
Sympa Ubuntu xenial *

Potential Mitigations

References