CVE-2020-10936

HIGH

Sympa <6.2.56 - Privilege Escalation

Title source: llm

Description

Sympa before 6.2.56 allows privilege escalation.

Exploits (1)

github WORKING POC 4 stars

by tnpitsecurity · poc

https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2020-10936

View Code ZIP pw:eip

References (8)

[Third Party Advisory] https://sysdream.com/news/lab/

[Release Notes, Third Party Advisory] https://github.com/sympa-community/sympa/releases

[Exploit, Third Party Advisory] https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/

[Third Party Advisory] https://usn.ubuntu.com/4442-1/

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html

[Third Party Advisory] https://www.debian.org/security/2020/dsa-4818

Scores

CVSS v3 7.8

EPSS 0.0010

EPSS Percentile 28.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (6)

canonical/ubuntu_linux 14.04

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 31

fedoraproject/fedora 32

sympa/sympa < 6.2.56

Published May 27, 2020

Tracked Since Feb 18, 2026