rpm package
almalinux/mailman
pkg:rpm/almalinux/mailman
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44227 | — | < 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2 | 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2 | Dec 2, 2021 | In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | ||
| CVE-2021-42097 | — | < 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2 | 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2 | Oct 21, 2021 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for ac | ||
| CVE-2021-42096 | — | < 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2 | 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2 | Oct 21, 2021 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. |
- CVE-2021-44227Dec 2, 2021affected < 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2fixed 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
- CVE-2021-42097Oct 21, 2021affected < 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2fixed 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for ac
- CVE-2021-42096Oct 21, 2021affected < 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2fixed 3:2.1.29-12.module_el8.5.0+26+48d4c9ee.2
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.