CVE-2021-34337
First published: Sat Apr 15 2023(Updated: )
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Mailman | <3.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-34337?
CVE-2021-34337 is a vulnerability in Mailman Core before version 3.3.5 that allows an attacker with access to the REST API to use timing attacks to determine the value of the REST API password and make arbitrary calls.
What is the severity of CVE-2021-34337?
CVE-2021-34337 has a severity rating of medium (6.3).
How can I fix CVE-2021-34337?
To fix CVE-2021-34337, it is recommended to upgrade to Mailman Core version 3.3.5 or higher.
Where can I find more information about CVE-2021-34337?
More information about CVE-2021-34337 can be found in the following references: - [GitHub Commit](https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51) - [GitHub Issue](https://gitlab.com/mailman/mailman/-/issues/911) - [GitHub Tags](https://gitlab.com/mailman/mailman/-/tags)
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/gnu
- canonical/gnu mailman