CVE-2021-43332: CSRF
First published: Fri Nov 12 2021(Updated: )
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Mailman | <2.1.36 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-43332.
What is the severity of CVE-2021-43332?
The severity of CVE-2021-43332 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2021-43332?
GNU Mailman versions before 2.1.36 and Debian Debian Linux version 9.0 are affected by CVE-2021-43332.
What is the description of CVE-2021-43332?
CVE-2021-43332 is a vulnerability in GNU Mailman before 2.1.36 where the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password, which could be cracked by a moderator via an offline brute-force attack.
How can the vulnerability in CVE-2021-43332 be exploited?
CVE-2021-43332 can be exploited by a moderator launching an offline brute-force attack to crack the encrypted version of the list admin password contained in the CSRF token for the Cgi/admindb.py admindb page.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/gnu
- canonical/gnu mailman
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0