CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42096 – mailman: CSRF token derived from admin password allows offline brute-force attack
https://notcve.org/view.php?id=CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. GNU Mailman versiones anteriores a 2.1.35, puede permitir una Escalada de Privilegios remota. Un determinado valor de csrf_token es derivado de la contraseña del administrador, y puede ser útil para llevar a cabo un ataque de fuerza bruta contra esa contraseña Sensitive information is exposed to unprivileged users in mailman. The hash of the list admin password is used to derive the CSRF (Cross-site Request Forgery) token, which is exposed to unprivileged members of a list. • http://www.openwall.com/lists/oss-security/2021/10/21/4 https://bugs.launchpad.net/mailman/+bug/1947639 https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ https://www.debian.org/security/2021/dsa-4991 https://access.redhat.com/security/cve/CVE-2021-42096 https://bugzilla.redhat.com/show_bug.cgi?id=2020575 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15011 – mailman: arbitrary content injection via the private archive login page
https://notcve.org/view.php?id=CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. GNU Mailman versiones anteriores a 2.1.33, permite una inyección de contenido arbitrario por medio de la página de inicio de sesión del archivo privado Cgi/private.py • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://bugs.launchpad.net/mailman/+bug/1877379 https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html https://usn.ubuntu.com/4406-1 https://www.debian.org/security/2021/dsa-4991 https://access.redhat.com/security/cve/CVE-2020-15011 https://bugzilla. • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12108 – mailman: arbitrary content injection via the options login page
https://notcve.org/view.php?id=CVE-2020-12108
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. El archivo /options/mailman en GNU Mailman versiones anteriores a 2.1.31, permite una Inyección de Contenido Arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://bugs.launchpad.net/mailman/+bug/1873722 https://code.launchpad.net/mailman https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html https://lists.debian.org/debian-lts-announce/202 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 0CVE-2020-12137 – mailman: XSS via file attachments in list archives
https://notcve.org/view.php?id=CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. GNU Mailman versiones 2.x anteriores a la versión 2.1.30, usa una extensión .obj para partes MIME de aplications/octet-stream. Este comportamiento puede contribuir a ataques de tipo XSS contra visitantes de archivos de lista, porque una respuesta HTTP desde un servidor web de archivo puede carecer de un tipo MIME, y un navegador web puede realizar rastreo del MIME, concluir que el tipo MIME debería haber sido text/html, y ejecutar código JavaScript. • http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html http://www.openwall.com/lists/oss-security/2020/04/24/3 https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF https://lists.fedoraproject.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3693 – Local privilege escalation from user wwwrun to root in the packaging of mailman
https://notcve.org/view.php?id=CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. Una vulnerabilidad de tipo symlink following en el empaquetado de mailman en SUSE Linux Enterprise Server versión 11, SUSE Linux Enterprise Server versión 12; openSUSE Leap versión 15.1, permitió a atacantes locales escalar sus privilegios desde un usuario wwwrun a root. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html https://bugzilla.suse.com/show_bug.cgi?id=1154328 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •