CVE-2016-6189

medium

Description

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

References

https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d

https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225

http://www.openwall.com/lists/oss-security/2016/07/09/3

Details

Source: Mitre, NVD

Published: 2017-02-17

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00173