CVE-2020-11729

Published: 15 April 2020

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
awl Launchpad, Ubuntu, Debian	Upstream	Released (0.61-1, 0.60-1+deb10u1)

	Ubuntu 20.10 (Groovy Gorilla)	Not vulnerable (0.61-1)
	Ubuntu 20.04 LTS (Focal Fossa)	Released (0.60-1+deb10u1ubuntu1)
	Ubuntu 18.04 LTS (Bionic Beaver)	Needed
	Ubuntu 16.04 LTS (Xenial Xerus)	Needed
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11729
https://gitlab.com/davical-project/awl/-/issues/18
https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956650

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM