CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42096 – mailman: CSRF token derived from admin password allows offline brute-force attack
https://notcve.org/view.php?id=CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. GNU Mailman versiones anteriores a 2.1.35, puede permitir una Escalada de Privilegios remota. Un determinado valor de csrf_token es derivado de la contraseña del administrador, y puede ser útil para llevar a cabo un ataque de fuerza bruta contra esa contraseña Sensitive information is exposed to unprivileged users in mailman. The hash of the list admin password is used to derive the CSRF (Cross-site Request Forgery) token, which is exposed to unprivileged members of a list. • http://www.openwall.com/lists/oss-security/2021/10/21/4 https://bugs.launchpad.net/mailman/+bug/1947639 https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ https://www.debian.org/security/2021/dsa-4991 https://access.redhat.com/security/cve/CVE-2021-42096 https://bugzilla.redhat.com/show_bug.cgi?id=2020575 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38354 – GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38354
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. El plugin GNU-Mailman Integration de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro gm_error encontrado en el archivo ~/includes/admin/mailing-lists-page.php que permite a atacantes inyectar scripts web arbitrario, en versiones hasta 1.0.6 incluyéndola • https://plugins.trac.wordpress.org/browser/gnu-mailman-integration/trunk/includes/admin/mailing-lists-page.php?rev=859898#L34 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15011 – mailman: arbitrary content injection via the private archive login page
https://notcve.org/view.php?id=CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. GNU Mailman versiones anteriores a 2.1.33, permite una inyección de contenido arbitrario por medio de la página de inicio de sesión del archivo privado Cgi/private.py • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://bugs.launchpad.net/mailman/+bug/1877379 https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html https://usn.ubuntu.com/4406-1 https://www.debian.org/security/2021/dsa-4991 https://access.redhat.com/security/cve/CVE-2020-15011 https://bugzilla. • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12108 – mailman: arbitrary content injection via the options login page
https://notcve.org/view.php?id=CVE-2020-12108
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. El archivo /options/mailman en GNU Mailman versiones anteriores a 2.1.31, permite una Inyección de Contenido Arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://bugs.launchpad.net/mailman/+bug/1873722 https://code.launchpad.net/mailman https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html https://lists.debian.org/debian-lts-announce/202 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 0CVE-2020-12137 – mailman: XSS via file attachments in list archives
https://notcve.org/view.php?id=CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. GNU Mailman versiones 2.x anteriores a la versión 2.1.30, usa una extensión .obj para partes MIME de aplications/octet-stream. Este comportamiento puede contribuir a ataques de tipo XSS contra visitantes de archivos de lista, porque una respuesta HTTP desde un servidor web de archivo puede carecer de un tipo MIME, y un navegador web puede realizar rastreo del MIME, concluir que el tipo MIME debería haber sido text/html, y ejecutar código JavaScript. • http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html http://www.openwall.com/lists/oss-security/2020/04/24/3 https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF https://lists.fedoraproject.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •