QwikSec

Security Database

CVE

CWE

Training

CVE-2021-33038

Published: May 26, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.com/mailman/hyperkitty/-/issues/380

x_refsource_CONFIRM

https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.