Mailman vulnerability

2020-06-2900:00:00

ubuntu.com

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

Low

EPSS

0.009

Percentile

83.2%

JSON

Releases

Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

mailman - Web-based mailing list manager (legacy branch)

Details

It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary content
in the login page.

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchmailman< 1:2.1.26-1ubuntu0.3UNKNOWN
Ubuntu18.04noarchmailman-dbgsym< 1:2.1.26-1ubuntu0.3UNKNOWN
Ubuntu16.04noarchmailman< 1:2.1.20-1ubuntu0.6UNKNOWN
Ubuntu16.04noarchmailman-dbgsym< 1:2.1.20-1ubuntu0.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	18.04	noarch	mailman	< 1:2.1.26-1ubuntu0.3	UNKNOWN
Ubuntu	18.04	noarch	mailman-dbgsym	< 1:2.1.26-1ubuntu0.3	UNKNOWN
Ubuntu	16.04	noarch	mailman	< 1:2.1.20-1ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	mailman-dbgsym	< 1:2.1.20-1ubuntu0.6	UNKNOWN