exploitDog

CVE-2021-42097

Published: 21 Oct 2021
Source: ubuntu
Priority: high
CVSS2: 8.5
CVSS3: 8

Description

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

| Release | Status | Note |
|---|---|---|
| bionic | released | 1:2.1.26-1ubuntu0.4 |
| esm-apps/focal | released | 1:2.1.29-1ubuntu3.1 |
| esm-infra/bionic | not-affected | 1:2.1.26-1ubuntu0.4 |
| esm-infra/xenial | released | 1:2.1.20-1ubuntu0.6+esm1 |
| focal | released | 1:2.1.29-1ubuntu3.1 |
| upstream | released | 2.1.35 |

Related vulnerabilities

CVSS3: 8
redhat
more than 3 years ago

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

CVSS3: 8
nvd
more than 3 years ago

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

CVSS3: 8
debian
more than 3 years ago

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...

github
about 3 years ago

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

suse-cvrf
more than 3 years ago

Security update for mailman
