Red Hat Security Advisory 2021-4913-04 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
c0b2367bca6b9519cbf4eef54ab3a7cc8eece40d1140a7de1f14b7331fe671bdRed Hat Security Advisory 2021-4837-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
da322af9925df9b13306362953effa81984e67c2c5736ed7a6d7a42016b35732Red Hat Security Advisory 2021-4838-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
bb526170f9703a69821a3db3f612496e679220fb515ad16625d199b42964ede6Red Hat Security Advisory 2021-4839-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
fc6755eec5257a10ac71b7c64432cfb6808ffcb94fa7916e3ef8d310485c4506Red Hat Security Advisory 2021-4826-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
01c9eca9735075e3086e61c04041b4419b8bdee0646991eed6726a30d52e8583Ubuntu Security Notice 5121-2 - USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. It was discovered that Mailman improperly sanitize the MIME content. An attacker could obtain sensitive information by sending a special type of attachment.
3e1981a243b75d6cb9eb3b871c11554d027734dba3c108e22426fdec3c295c82Debian Linux Security Advisory 4991-1 - Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.
954d8b9822764173dd884577e87a44ad7f9a8af40f4ebc025e3d191931336710Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens to specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.
31b5089934b776c5932880b406f38f121f36e74f6461c25588737e5f22c7ff0f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed