Arbitrary Content Injection in GNU Mailman by Open Source Software Vendor
CVE-2020-12108

6.5MEDIUM

Key Information:

Vendor
Gnu
Status
Mailman
Vendor
CVE Published:
6 May 2020

Summary

A vulnerability in GNU Mailman prior to version 2.1.31 allows attackers to inject arbitrary content via the /options/mailman endpoint. This flaw can lead to various security concerns, exposing systems to potential exploitation and unauthorized access. Administrators are urged to update their installations to the latest version to mitigate any risks associated with this vulnerability.

References

https://code.launchpad.net/mailman
x_refsource_MISC
https://mail.python.org/pipermail/mailman-announce/
x_refsource_MISC
https://bugs.launchpad.net/mailman/+bug/1873722
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.