Lucene search

UbuntuUSN-5151-1

HistoryNov 18, 2021 - 12:00 a.m.

Mailman vulnerabilities

2021-11-1800:00:00

ubuntu.com

mailman

ubuntu 18.04

ubuntu 16.04

web-based mailing list manager

cve-2021-43331

cve-2021-43332

arbitrary code execution

sensitive information exposure

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

70.1%

JSON

Releases

Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

mailman - Web-based mailing list manager

Details

It was discovered that Mailman incorrectly handled certain URL.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-43331)

It was discovered that Mailman incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2021-43332)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchmailman< 1:2.1.26-1ubuntu0.5UNKNOWN
Ubuntu18.04noarchmailman-dbgsym< 1:2.1.26-1ubuntu0.5UNKNOWN
Ubuntu16.04noarchmailman< 1:2.1.20-1ubuntu0.6+esm2UNKNOWN
Ubuntu16.04noarchmailman< 1:2.1.20-1ubuntu0.6UNKNOWN
Ubuntu16.04noarchmailman-dbgsym< 1:2.1.20-1ubuntu0.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	18.04	noarch	mailman	< 1:2.1.26-1ubuntu0.5	UNKNOWN
Ubuntu	18.04	noarch	mailman-dbgsym	< 1:2.1.26-1ubuntu0.5	UNKNOWN
Ubuntu	16.04	noarch	mailman	< 1:2.1.20-1ubuntu0.6+esm2	UNKNOWN
Ubuntu	16.04	noarch	mailman	< 1:2.1.20-1ubuntu0.6	UNKNOWN
Ubuntu	16.04	noarch	mailman-dbgsym	< 1:2.1.20-1ubuntu0.6	UNKNOWN