Arbitrary Content Injection in GNU Mailman by the GNU Project
CVE-2020-15011

4.3MEDIUM

Key Information:

Vendor
Gnu
Status
Mailman
Vendor
CVE Published:
24 June 2020

Summary

A vulnerability in GNU Mailman versions before 2.1.33 allows attackers to inject arbitrary content through the private archive login page, potentially compromising the integrity of the mailing list. This weakness can be exploited, leading to unauthorized access and manipulation of sensitive data, highlighting the need for users to update their systems to mitigate the risks associated with this flaw.

References

https://bugs.launchpad.net/mailman/+bug/1877379
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/06/msg0...
mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4406-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.