CVE-2021-34337

6.3MEDIUM

Key Information

Vendor: Gnu
Status: Mailman
Vendor: CVE Published:; 15 April 2023

Summary

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 15, 2023
Vulnerability Reserved.
Jun 8, 2021

Collectors

NVD DatabaseMitre Database