AVG-2485 log
Package | mailman |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 2.1.34-2 |
Fixed | 2.1.35-1 |
Current | Removed |
Ticket | None |
Created | Thu Oct 21 08:35:50 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-42097 | Medium | Yes | Cross-site request forgery | GNU Mailman before 2.1.35 may allow remote privilege escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value... |
CVE-2021-42096 | Medium | Yes | Private key recovery | GNU Mailman before 2.1.35 may allow remote privilege escalation. A certain csrf_token value is derived from the admin password, and may be useful in... |