Your submission was sent successfully! Close

CVE-2020-15011

Published: 24 June 2020

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

Priority

Medium

CVSS 3 base score: 4.3

Status

Package Release Status
mailman
Launchpad, Ubuntu, Debian
bionic
Released (1:2.1.26-1ubuntu0.3)
eoan Ignored
(reached end-of-life)
focal
Released (1:2.1.29-1ubuntu3.1)
groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial
Released (1:2.1.20-1ubuntu0.6)