First published: Thu Oct 21 2021
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
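The weakness described above is a design-level one: a CSRF token computed from the admin password lets anyone who captures a token test password guesses offline. The following added example (constructed for this page, not Mailman's own code; the function names, the fixed timestamp and `DEMO_SECRET` are all assumptions) contrasts that weak pattern with a token keyed by a random per-installation secret, and includes the property check a reviewer would run to catch the flaw:

```python
import hashlib
import hmac
import secrets

# Constructed illustration of the flaw class, not Mailman's implementation.

def weak_csrf_token(admin_password: str, timestamp: int) -> str:
    """Weak pattern: the token is a plain hash over the admin password.
    A captured token therefore acts as an offline oracle for password guesses."""
    return hashlib.sha1(f"{admin_password}:{timestamp}".encode()).hexdigest()

def hardened_csrf_token(server_secret: bytes, session_id: str, timestamp: int) -> str:
    """Hardened pattern: HMAC keyed by a random per-installation secret and
    bound to the session; the admin password never enters the computation."""
    msg = f"{session_id}:{timestamp}".encode()
    return hmac.new(server_secret, msg, hashlib.sha256).hexdigest()

def verify_hardened(server_secret: bytes, session_id: str, timestamp: int, token: str) -> bool:
    """Recompute the token and compare in constant time."""
    expected = hardened_csrf_token(server_secret, session_id, timestamp)
    return hmac.compare_digest(expected, token)

def token_depends_on_password(token_fn) -> bool:
    """Design check: with everything else fixed, does changing the admin
    password change the token? True means the token carries password material."""
    ts = 1_634_800_000  # constructed fixed timestamp
    outputs = {token_fn(pw, ts) for pw in ("alpha", "bravo", "charlie")}
    return len(outputs) > 1

def new_server_secret() -> bytes:
    """Generate the per-installation secret once; store it apart from the password."""
    return secrets.token_bytes(32)

DEMO_SECRET = bytes(range(32))  # constructed fixed secret so results are reproducible

if __name__ == "__main__":
    print("weak scheme depends on password:",
          token_depends_on_password(weak_csrf_token))
    print("hardened scheme depends on password:",
          token_depends_on_password(
              lambda pw, ts: hardened_csrf_token(DEMO_SECRET, "admin-session", ts)))
```

In a real deployment the secret comes from `new_server_secret()` at install time; the fixed `DEMO_SECRET` exists only to make the example reproducible.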
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
GNU Mailman | <2.1.35 | Update to 2.1.35 or newer
Debian Debian Linux | =10.0 |
debian/mailman | |
CVE-2021-42096 is a vulnerability in GNU Mailman before version 2.1.35 that may allow remote Privilege Escalation through a brute-force attack against the admin password.
The severity of CVE-2021-42096 is medium with a CVSS severity score of 4.3.
CVE-2021-42096 affects GNU Mailman versions before 2.1.35.
To fix CVE-2021-42096, you should update GNU Mailman to version 2.1.35 or newer.
You can find more information about CVE-2021-42096 on the MITRE website (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42096), the Python Mailman mailing list (https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/), and the OSS Security mailing list (https://www.openwall.com/lists/oss-security/2021/10/21/4).