Ubuntu.com: UB:CVE-2021-42097
Published: Oct 21, 2021 - 12:00 a.m.

CVE-2021-42097

Tags: mailman privilege escalation, csrf attack, admin takeover, launchpad bug reports, unix

CVSS2: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: SINGLE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

CVSS3: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

EPSS: 0.003 (percentile 66.2%)

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A
csrf_token value is not specific to a single user account. An attacker can
obtain a value within the context of an unprivileged user account, and then
use that value in a CSRF attack against an admin (e.g., for account
takeover).
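The description above states the whole bug: a CSRF token that commits only to the list (and a time window), not to the principal it was issued to, can be harvested in an unprivileged context and replayed on the admin form. The following Python example is added here to make that failure mode concrete; it is not Mailman's code and does not reproduce Mailman's actual token construction. The names weak_token/weak_verify, strong_token/strong_verify, SERVER_SECRET, TOKEN_TTL, the "user"/"admin" context labels, the list name "announce" and the two e-mail addresses are all assumptions for the illustration.

```python
import hmac
import hashlib
import secrets
import time

# Hypothetical server-side secret and token lifetime; a real deployment
# persists the secret so tokens survive restarts.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL = 600  # seconds a token remains valid (assumed window)


def _mac(*parts):
    """HMAC-SHA256 over NUL-joined fields so field boundaries cannot be shifted."""
    msg = "\x00".join(parts).encode("utf-8")
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def _now(now):
    return time.time() if now is None else now


def _parse(token):
    """Split 'timestamp:mac'; returns (ts, mac) or None if malformed."""
    try:
        ts, mac = token.split(":", 1)
        int(ts)
    except ValueError:
        return None
    return ts, mac


def _fresh(ts, now):
    age = _now(now) - int(ts)
    return 0 <= age <= TOKEN_TTL


def weak_token(listname, now=None):
    """Pre-fix style: the token commits only to the list and the issue time.
    The same value is handed to a list member and to the list admin, so a
    value obtained on the member's options page verifies on the admin form."""
    ts = str(int(_now(now)))
    return "%s:%s" % (ts, _mac("weak", listname, ts))


def weak_verify(listname, token, now=None):
    """Note the missing 'who is acting' input: any holder of a fresh token
    for this list passes, whichever form it was issued for."""
    parsed = _parse(token)
    if parsed is None:
        return False
    ts, mac = parsed
    return _fresh(ts, now) and hmac.compare_digest(mac, _mac("weak", listname, ts))


def strong_token(listname, user, context, now=None):
    """Fixed style: bind the token to the acting principal and the privilege
    context it was issued for ('user' for member pages, 'admin' for list
    administration)."""
    ts = str(int(_now(now)))
    return "%s:%s" % (ts, _mac("strong", listname, user, context, ts))


def strong_verify(listname, user, context, token, now=None):
    """The verifier recomputes the MAC from the authenticated session's
    principal and the page's own context, never from values in the request."""
    parsed = _parse(token)
    if parsed is None:
        return False
    ts, mac = parsed
    expected = _mac("strong", listname, user, context, ts)
    return _fresh(ts, now) and hmac.compare_digest(mac, expected)


def csrf_replay_demo():
    """Constructed scenario: a member harvests a token in their own context
    and embeds it in a form the list owner is lured into submitting."""
    now = 1_700_000_000
    listname = "announce"
    results = {}

    # Pre-fix: the harvested member token is accepted on the admin form.
    harvested = weak_token(listname, now=now)
    results["weak_accepts_replay"] = weak_verify(listname, harvested, now=now)

    # Fixed: the member's token no longer verifies for the owner in admin context.
    member_tok = strong_token(listname, "member@example.com", "user", now=now)
    results["strong_accepts_replay"] = strong_verify(
        listname, "owner@example.com", "admin", member_tok, now=now)

    # The owner's own token still works, but not once it has expired.
    owner_tok = strong_token(listname, "owner@example.com", "admin", now=now)
    results["strong_accepts_owner"] = strong_verify(
        listname, "owner@example.com", "admin", owner_tok, now=now)
    results["strong_accepts_stale"] = strong_verify(
        listname, "owner@example.com", "admin", owner_tok, now=now + TOKEN_TTL + 1)
    return results


if __name__ == "__main__":
    for name, accepted in csrf_replay_demo().items():
        print("%-22s %s" % (name, accepted))
```

Two practical points follow from the demo. First, per-user binding only helps if the admin-side verifier derives the principal and context from the authenticated session rather than from anything the request supplies; a token that embeds a user name the server then trusts is no better than the weak form. Second, on an Ubuntu host the actual remedy is the package update in the table below; the example is only a model of why the pre-fix token was replayable.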

Bugs

OS      Version  Architecture  Package  Affected version            Filename
ubuntu  18.04    noarch        mailman  < 1:2.1.26-1ubuntu0.4       UNKNOWN
ubuntu  20.04    noarch        mailman  < 1:2.1.29-1ubuntu3.1       UNKNOWN
ubuntu  16.04    noarch        mailman  < 1:2.1.20-1ubuntu0.6+esm1  UNKNOWN
