Description
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
| Release | Status | Note |
|---|---|---|
| bionic | released | 1:2.1.26-1ubuntu0.5 |
| devel | DNE | |
| esm-apps/focal | released | 1:2.1.29-1ubuntu3.1+esm1 |
| esm-infra/bionic | released | 1:2.1.26-1ubuntu0.5 |
| esm-infra/xenial | released | 1:2.1.20-1ubuntu0.6+esm2 |
| focal | ignored | end of standard support, was needed |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
Source links
EPSS
CVSS2: 4 Medium
CVSS3: 6.5 Medium
Related vulnerabilities
A vulnerability in the GNU Mailman mailing list management package, related to insufficient restriction of authentication attempts, that allows a user to bypass the authentication procedure.