CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34337
https://notcve.org/view.php?id=CVE-2021-34337
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. • https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 https://gitlab.com/mailman/mailman/-/issues/911 https://gitlab.com/mailman/mailman/-/tags •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44227 – mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover
https://notcve.org/view.php?id=CVE-2021-44227
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. En GNU Mailman versiones anteriores a 2.1.38, un miembro o moderador de la lista puede conseguir un token de tipo CSRF y diseñar una petición de administración (usando ese token) para establecer una nueva contraseña de administrador o hacer otros cambios A Cross-Site Request Forgery (CSRF) attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request, effectively bypassing the protection provided by CSRF tokens. A remote attacker with an account on the mailman system can use this flaw to perform a CSRF attack and perform operations on behalf of the victim admin. • https://bugs.launchpad.net/mailman/+bug/1952384 https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html https://access.redhat.com/security/cve/CVE-2021-44227 https://bugzilla.redhat.com/show_bug.cgi?id=2026862 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43332
https://notcve.org/view.php?id=CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. En GNU Mailman versiones anteriores a 2.1.36, el token CSRF para la página Cgi/admindb.py admindb contiene una versión encriptada de la contraseña del administrador de la lista. Esto podría ser potencialmente descifrado por un moderador por medio de un ataque de fuerza bruta fuera de línea • https://bugs.launchpad.net/mailman/+bug/1949403 https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43331
https://notcve.org/view.php?id=CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. En GNU Mailman versiones anteriores a 2.1.36, una URL diseñada para la página de opciones de usuario Cgi/options.py puede ejecutar JavaScript arbitrario para XSS • https://bugs.launchpad.net/mailman/+bug/1949401 https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42097 – mailman: CSRF token bypass allows to perform CSRF attacks and account takeover
https://notcve.org/view.php?id=CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). GNU Mailman versiones anteriores a 2.1.35, puede permitir una escalada de privilegios remota. Un valor csrf_token no es específico de una sola cuenta de usuario. • http://www.openwall.com/lists/oss-security/2021/10/21/4 https://bugs.launchpad.net/mailman/+bug/1947640 https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ https://www.debian.org/security/2021/dsa-4991 https://access.redhat.com/security/cve/CVE-2021-42097 https://bugzilla.redhat.com/show_bug.cgi?id=2020568 • CWE-352: Cross-Site Request Forgery (CSRF) •