Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-42097

GNU Mailman before 2.1.35 may allow remote privilege escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

Source

Severity Medium

Remote Yes

Type Cross-site request forgery

Description

GNU Mailman before 2.1.35 may allow remote privilege escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

AVG-2485 mailman 2.1.34-2 2.1.35-1 Medium Fixed

https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
https://bugs.launchpad.net/mailman/+bug/1947640
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vulmon Search

About

Products

Connect