CVE-2018-13796
mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites
- Severity Score: 6.5 (CVSS v3)
- Exploit Likelihood: - (EPSS)
- Affected Versions: - (CPE)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Credits: N/A
CVSS Scores
* Common Vulnerability Scoring System
SSVC
- Decision: -
- Exploitation: -
- Automatable: -
- Tech. Impact: -
* Organization's worst-case scenario
Timeline
- 2018-07-10 CVE Reserved
- 2018-07-12 CVE Published
- 2023-12-03 EPSS Updated
- 2024-08-05 CVE Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-345: Insufficient Verification of Data Authenticity
References (7)

| URL | Tag | Source |
|---|---|---|
| https://bugs.launchpad.net/mailman/+bug/1780874 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html | Mailing List | |
| https://www.mail-archive.com/mailman-users%40python.org/msg71003.html | Mailing List | |

| URL | Date | Source |
|---|---|---|
| https://security.gentoo.org/glsa/201904-10 | 2023-11-07 | |
| https://usn.ubuntu.com/4348-1 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2018-13796 | 2020-03-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1609090 | 2020-03-31 | |