Posted to users@ponymail.apache.org by Daniel Gruno <hu...@apache.org> on 2016/08/02 08:36:49 UTC
CVE-2016-4460: Apache Pony Mail (Incubating) disclosure vulnerability
######################################################################
CVE-2016-4460: Apache Pony Mail (Incubating) disclosure vulnerability
Severity: Moderate
Vendor: The Apache Software Foundation
Versions affected: 0.6c through 0.8b
Description:
A flaw was discovered in the access, authentication & authorization
mechanism whereby a user with sufficient knowledge of a private email
could access it without first needing to authenticate.
Mitigation:
There are three ways to mitigate the vulnerability:
- Users may upgrade to 0.9 OR
- Users may check out the latest source from git OR
- Users may apply the following patch: https://s.apache.org/PlE5
Credit:
The vulnerability was discovered by a member of the Apache Software
Foundation.
######################################################################