Mailman vulnerability

2020-05-1100:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Releases

Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

mailman - Web-based mailing list manager (legacy branch)

Details

It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary content
in the login page.

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchmailman< 1:2.1.26-1ubuntu0.2UNKNOWN
Ubuntu18.04noarchmailman-dbgsym< 1:2.1.26-1ubuntu0.2UNKNOWN
Ubuntu16.04noarchmailman< 1:2.1.20-1ubuntu0.5UNKNOWN
Ubuntu16.04noarchmailman-dbgsym< 1:2.1.20-1ubuntu0.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	18.04	noarch	mailman	< 1:2.1.26-1ubuntu0.2	UNKNOWN
Ubuntu	18.04	noarch	mailman-dbgsym	< 1:2.1.26-1ubuntu0.2	UNKNOWN
Ubuntu	16.04	noarch	mailman	< 1:2.1.20-1ubuntu0.5	UNKNOWN
Ubuntu	16.04	noarch	mailman-dbgsym	< 1:2.1.20-1ubuntu0.5	UNKNOWN