CVE-2021-44227

Опубликовано: 02 дек. 2021

Источник: debian

EPSS Низкий

Описание

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mailman	removed			package
mailman	fixed	1:2.1.29-1+deb10u4	buster	package

Примечания

https://bugs.launchpad.net/mailman/+bug/1952384
Patch: https://launchpadlibrarian.net/570827498/patch.txt
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882 (2.1.38)
Regression: https://bugs.launchpad.net/mailman/+bug/1954694
Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1884 (2.1.39)

EPSS

Процентиль: 63%

0.0046

Низкий

Связанные уязвимости

CVE-2021-44227

CVSS3: 8.8

ubuntu

больше 3 лет назад

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2021-44227

CVSS3: 8

redhat

больше 3 лет назад

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2021-44227

CVSS3: 8.8

nvd

больше 3 лет назад

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

RLSA-2021:4916

rocky

больше 3 лет назад

Important: mailman:2.1 security update

GHSA-xq58-69h2-765m

CVSS3: 8.8

github

больше 3 лет назад

Cross Site Request Forgery in mailman

EPSS

Процентиль: 63%

0.0046

Низкий