Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2021-42096

Published: 21/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Gnu

Vulnerability Summary

GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu mailman

debian debian linux 10.0

Vendor Advisories

Debian Security Advisories: DSA-4991-1 mailman -- security update
Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page For the oldstable distribution (buster), these problems have been fixed in version 1:2129-1+deb ...
Red Hat: CVE-2021-42096
Sensitive information is exposed to unprivileged users in mailman The hash of the list admin password is used to derive the CSRF (Cross-site Request Forgery) token, which is exposed to unprivileged members of a list Malicious members may use the CSRF token to perform an offline brute-force attack to retrieve the list admin password ...
Arch Linux Issues:
GNU Mailman before 2135 may allow remote privilege escalation A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password ...

Mailing Lists

Full Disclosure: Mailman 2.1.35 security release
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Mailman 2135 security release <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Alan Coopersmith &lt;alancoopers ...

References

CWE-307https://bugs.launchpad.net/mailman/+bug/1947639http://www.openwall.com/lists/oss-security/2021/10/21/4https://www.debian.org/security/2021/dsa-4991https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4991
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook