CVE-2021-40347

Published: 10/09/2021 Updated: 24/09/2021
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

An issue exists in views/list.py in GNU Mailman Postorius prior to 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.
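The flaw is a missing ownership check on an authenticated endpoint, with the unsubscribe reply doubling as a membership oracle. The following is an added, framework-free illustration of that pattern and of the check a fix needs; it is not Postorius code, and the names `User`, `MailingList`, `unsubscribe_vulnerable` and `unsubscribe_hardened` are assumptions made for this example.

```python
# Added illustration of the access-control defect described for CVE-2021-40347.
# Not Postorius code: the types and function names below are assumptions.
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    # Addresses this account has verified as its own (constructed sample data).
    verified_addresses: set = field(default_factory=set)


@dataclass
class MailingList:
    name: str
    subscribers: set = field(default_factory=set)


def unsubscribe_vulnerable(user: User, mlist: MailingList, email: str) -> str:
    """Shape of the defect: the caller is logged in, but nothing ties the
    submitted address to the caller, so any account can remove any address.
    The two distinct replies also reveal whether the address was subscribed."""
    if email in mlist.subscribers:
        mlist.subscribers.discard(email)
        return "unsubscribed"
    return "not a member"


def unsubscribe_hardened(user: User, mlist: MailingList, email: str) -> str:
    """Authorization before action: only addresses the caller has verified as
    their own may be acted on. The reply is identical whether or not the
    address was a member, so the endpoint no longer leaks membership."""
    owned = {a.lower() for a in user.verified_addresses}
    if email.lower() not in owned:
        return "forbidden"
    # discard() is a no-op for non-members, giving one uniform outcome.
    mlist.subscribers.discard(email)
    return "request processed"


if __name__ == "__main__":
    # Constructed sample state: one list, one subscriber, one other account.
    mlist = MailingList("announce", {"victim@example.com"})
    other = User("mallory", {"mallory@example.com"})
    print(unsubscribe_vulnerable(other, mlist, "victim@example.com"))  # removed
    mlist.subscribers.add("victim@example.com")
    print(unsubscribe_hardened(other, mlist, "victim@example.com"))  # forbidden
```

The hardened variant checks ownership before touching list state and returns the same message for member and non-member addresses; both properties are needed, since fixing only the authorization still leaves the oracle for the caller's own addresses, and fixing only the message still lets any account unsubscribe anyone.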

Vulnerable Product

postorius project postorius

Vendor Advisories

Debian Bug report logs - #993746 python3-django-postorius: CVE-2021-40347 New upstream to fix security bug. Package: src:134-2; Maintainer for src:134-2 is (unknown); Reported by: Peter Chubb <peterchubb@unsweduau>; Date: Sun, 5 Sep 2021 21:33:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream; Found ...

Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing. For the oldstable distribution (buster), this problem has been fixed in version 1.2.4-1+deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 13 ...

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place ...