[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /delivery
From:       Eric Friedrich <friede () apache ! org>
Date:       2021-10-12 0:29:24
Message-ID: 2fc32b22-64ac-3761-6e7d-e07cb0799f11 () apache ! org
[Download RAW message or body]

Description:

An authenticated Traffic Ops user with Portal-level privileges can send a =
request with a specially-crafted email subject to the =
/deliveryservices/request Traffic Ops endpoint to send an email, from the =
Traffic Ops server, with an arbitrary body to an arbitrary email address.

[prev in list] [next in list] [prev in thread] [next in thread]