Remote Privilege Escalation in GNU Mailman Affects Several Versions
CVE-2021-42096

4.3MEDIUM

Key Information:

Vendor
Gnu
Status
Mailman
Vendor
CVE Published:
21 October 2021

Summary

GNU Mailman versions prior to 2.1.35 contain a vulnerability that could allow attackers to escalate their privileges remotely. This vulnerability occurs due to a specific csrf_token value being derived from the admin password, enabling brute-force attempts to compromise the password. Organizations using affected versions should update to the latest release to mitigate potential security risks.

References

https://mail.python.org/archives/list/mailman-announce%40...
x_refsource_CONFIRM
https://bugs.launchpad.net/mailman/+bug/1947639
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2021/10/21/4
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.