vulnerability
Oracle Linux: CVE-2021-42096: ELSA-2021-4826: mailman:2.1 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | 2021-10-21 | 2021-11-25 | 2025-01-07 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
2021-10-21
Added
2021-11-25
Modified
2025-01-07
Description
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Sensitive information is exposed to unprivileged users in mailman. The hash of the list admin password is used to derive the CSRF (Cross-site Request Forgery) token, which is exposed to unprivileged members of a list. Malicious members may use the CSRF token to perform an offline brute-force attack to retrieve the list admin password.
Sensitive information is exposed to unprivileged users in mailman. The hash of the list admin password is used to derive the CSRF (Cross-site Request Forgery) token, which is exposed to unprivileged members of a list. Malicious members may use the CSRF token to perform an offline brute-force attack to retrieve the list admin password.
Solution
oracle-linux-upgrade-mailman
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.