CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS
Percentile: 66.2%

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A
csrf_token value is not specific to a single user account. An attacker can
obtain a value within the context of an unprivileged user account, and then
use that value in a CSRF attack against an admin (e.g., for account
takeover).
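
The weakness described above, sketched as an added example (not Mailman's code and not part of this advisory): a form token whose MAC omits the account validates in any session, while a token whose MAC covers the account is rejected in an admin's session. The secret, lifetime, token layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SITE_SECRET = b"constructed-demo-secret"  # assumption: server-side secret
LIFETIME = 3600                           # assumption: token validity in seconds


def _mac(*parts: str) -> str:
    # NUL-separated fields so ("ab", "c") and ("a", "bc") produce different MACs.
    return hmac.new(SITE_SECRET, "\x00".join(parts).encode(), hashlib.sha256).hexdigest()


def _valid(token: str, now: int, *bound_to: str) -> bool:
    issued, _, mac = token.partition(":")
    if not issued.isdecimal() or not 0 <= now - int(issued) <= LIFETIME:
        return False  # malformed, expired, or dated in the future
    expected = _mac(*bound_to, issued)
    return hmac.compare_digest(mac.encode(), expected.encode())


def issue_unbound(now: int) -> str:
    """Weak pattern: the MAC covers only the issue time, so any account's token matches."""
    return f"{now}:{_mac(str(now))}"


def check_unbound(token: str, now: int) -> bool:
    return _valid(token, now)


def issue_bound(user: str, now: int) -> str:
    """Hardened pattern: the MAC also covers the account the token was issued to."""
    return f"{now}:{_mac(user, str(now))}"


def check_bound(token: str, session_user: str, now: int) -> bool:
    # Recompute with the account of the session that submitted the form.
    return _valid(token, now, session_user)


def demo(now: int) -> dict:
    weak = issue_unbound(now)            # issued to unprivileged "member"
    strong = issue_bound("member", now)  # same account, bound scheme
    return {
        "unbound_in_admin_session": check_unbound(weak, now),
        "bound_in_admin_session": check_bound(strong, "admin", now),
        "bound_in_member_session": check_bound(strong, "member", now),
        "bound_expired": check_bound(strong, "member", now + LIFETIME + 1),
    }


if __name__ == "__main__":
    print(demo(int(time.time())))
```
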
launchpad.net/bugs/cve/CVE-2021-42097
mail.python.org/archives/list/[email protected]/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
nvd.nist.gov/vuln/detail/CVE-2021-42097
security-tracker.debian.org/tracker/CVE-2021-42097
ubuntu.com/security/notices/USN-5121-1
ubuntu.com/security/notices/USN-5121-2
www.cve.org/CVERecord?id=CVE-2021-42097
www.openwall.com/lists/oss-security/2021/10/21/4