QwikSec

Security Database

CVE

CWE

Training

CVE-2021-42097

Published: Oct 21, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/

x_refsource_CONFIRM

https://bugs.launchpad.net/mailman/+bug/1947640

x_refsource_CONFIRM

[oss-security] 20211021 Mailman 2.1.35 security release

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.