PT-2021-23524 · Unknown+8 · Gnu Mailman+8

Andre Protas

Published

2021-10-21

Updated

2024-05-11

CVE-2021-42097

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNU Mailman versions prior to 2.1.35

Description The issue allows remote Privilege Escalation. A csrf token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin, potentially leading to account takeover.

Recommendations For versions prior to 2.1.35, update to version 2.1.35 or later to resolve the issue. As a temporary workaround, consider restricting access to admin accounts or implementing additional CSRF protection measures until a patch is applied.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

ALSA-2021:4826

ALT-PU-2021-3235

ALT-PU-2021-3277

ALT-PU-2021-3299

ALT-PU-2021-3532

ALT-PU-2024-7639

CESA-2021_4826

CESA-2021_4913

CVE-2021-42097

DLA-2791-1

DSA-4991-1

OESA-2021-1405

OPENSUSE-SU-2021:1436-1

OPENSUSE-SU-2021:1452-1

OPENSUSE-SU-2021_1436-1

RHSA-2021:4826

RHSA-2021:4837

RHSA-2021:4838

RHSA-2021:4839

RHSA-2021:4913

RHSA-2021_4826

RHSA-2021_4913

RLSA-2021:4826

USN-5121-1

USN-5121-2

Affected Products

Alt Linux

Almalinux

Centos

Gnu Mailman

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2021-23524 · Unknown+8 · Gnu Mailman+8

CVE-2021-42097

Weakness Enumeration

Related Identifiers

Affected Products

References · 50