CVE-2021-42097
Summary
| CVE | CVE-2021-42097 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-10-21 01:15:00 UTC |
|---|
| Updated | 2023-11-07 03:39:00 UTC |
|---|
| Description | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Debian -- Security Information -- DSA-4991-1 mailman |
DEBIAN |
www.debian.org |
|
| Bug #1947640 “Potential CSRF attack via the user options page.” : Bugs : GNU Mailman |
CONFIRM |
bugs.launchpad.net |
|
| Mailman 3
Mailman 2.1 security release - Mailman-announce - python.org |
|
mail.python.org |
|
| Mailman 3
Mailman 2.1 security release - Mailman-announce - python.org |
CONFIRM |
mail.python.org |
|
| oss-security - Mailman 2.1.35 security release |
MLIST |
www.openwall.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159542 Oracle Enterprise Linux Security Update for mailman:2.1 (ELSA-2021-4826)
- 159545 Oracle Enterprise Linux Security Update for mailman (ELSA-2021-4913)
- 178829 Debian Security Update for mailman (DSA 4991-1)
- 178842 Debian Security Update for mailman (DLA 2791-1)
- 198547 Ubuntu Security Notification for Mailman Vulnerabilities (USN-5121-1)
- 198576 Ubuntu Security Notification for Mailman Vulnerabilities (USN-5121-2)
- 239908 Red Hat Update for mailman:2.1 (RHSA-2021:4837)
- 239909 Red Hat Update for mailman:2.1 (RHSA-2021:4839)
- 239910 Red Hat Update for mailman:2.1 (RHSA-2021:4826)
- 239911 Red Hat Update for mailman:2.1 (RHSA-2021:4838)
- 239928 Red Hat Update for mailman (RHSA-2021:4913)
- 257134 CentOS Security Update for mailman (CESA-2021:4913)
- 296066 Oracle Solaris 11.4 Support Repository Update (SRU) 40.107.3 Missing (CPUOCT2021)
- 353123 Amazon Linux Security Advisory for mailman : ALAS2-2022-1740
- 377175 Alibaba Cloud Linux Security Update for mailman (ALINUX2-SA-2021:0069)
- 671247 EulerOS Security Update for mailman (EulerOS-SA-2022-1177)
- 671336 EulerOS Security Update for mailman (EulerOS-SA-2022-1277)
- 690228 Free Berkeley Software Distribution (FreeBSD) Security Update for mailman (8d65aa3b-31ce-11ec-8c32-a14e8e520dc7)
- 751319 OpenSUSE Security Update for mailman (openSUSE-SU-2021:1436-1)
- 940372 AlmaLinux Security Update for mailman:2.1 (ALSA-2021:4826)
- 960352 Rocky Linux Security Update for mailman:2.1 (RLSA-2021:4826)
