
CVE-2021-43332

Published: 12 November 2021

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: mailman (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (1:2.1.26-1ubuntu0.5)
focal      Needs triage
hirsute    Does not exist
impish     Does not exist
jammy      Does not exist
trusty     Ignored (out of standard support)
upstream   Needs triage
xenial     Released (1:2.1.20-1ubuntu0.6+esm2)