security/vuxml: document mail/mailman < 2.1.37 issues

Description

  • A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)

    LP: A crafted URL to the user options page can execute arbitrary javascript.

  • A potential for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-43332 (LP: #1949403)

    LP: The CSRF token for the admindb page contains an encrypted version of the list admin password which could potentially be cracked by a moderator via an off-line brute force attack.

Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332
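
The CSRF token weakness described for CVE-2021-43332, as an added example that is not part of the commit, of Mailman's code, or of the upstream fix. It is a simplified model: the token layout, the unsalted SHA-1 password digest, the function names and the sample values are all assumptions, and the hardened form is one generic mitigation (a random server-side key bound to the session).

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from Mailman or the advisory.
ADMIN_PASSWORD = "correct horse battery"
SERVER_SECRET = secrets.token_bytes(32)  # random, never derived from a password


def password_key(password: str) -> bytes:
    """Stand-in for a stored password digest (assumption: unsalted SHA-1)."""
    return hashlib.sha1(password.encode()).hexdigest().encode()


def weak_token(password: str, issued: int) -> str:
    """Weak design: the MAC key is the admin password digest."""
    mac = hmac.new(password_key(password), str(issued).encode(), hashlib.sha256)
    return f"{issued}:{mac.hexdigest()}"


def hardened_token(session_id: str, issued: int) -> str:
    """Hardened design: keyed by a server-only secret and bound to the session."""
    msg = f"{session_id}|{issued}".encode()
    return f"{issued}:{hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()}"


def verify_hardened(token: str, session_id: str, now: int, max_age: int = 3600) -> bool:
    """Accept only an unexpired token issued for this session."""
    issued_s = token.partition(":")[0]
    if not issued_s.isdigit() or not 0 <= now - int(issued_s) <= max_age:
        return False
    return hmac.compare_digest(token, hardened_token(session_id, int(issued_s)))


def confirms_password(token: str, candidate: str) -> bool:
    """True when the token alone confirms a password candidate, with no
    server contact. This is the property that makes the weak design unsafe
    to hand to a less privileged user such as a moderator."""
    issued = int(token.split(":", 1)[0])
    return hmac.compare_digest(token, weak_token(candidate, issued))
```

A token that passes `confirms_password` for the real password acts as an offline password oracle for whoever receives it; the hardened token never does, because its key is unrelated to any password.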

Details

Provenance
mandree Authored on Nov 13 2021, 10:06 AM
Parents
R11:09a2196b7a5a: devel/bison: Update to 3.8.2