UBUNTU-CVE-2021-44227

HIGH8.8

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

Published Dec 2, 2021

Modified 9 months ago

Fix available

Details

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

Affected Packages

mailman

Ubuntu Pro 16.04 LTSUbuntu 16.04 LTS

Affected versions:

1:2.1.20-11:2.1.20-1ubuntu0.11:2.1.20-1ubuntu0.31:2.1.20-1ubuntu0.41:2.1.20-1ubuntu0.51:2.1.20-1ubuntu0.61:2.1.20-1ubuntu0.6+esm11:2.1.20-1ubuntu0.6+esm2

mailman

Ubuntu 18.04 LTS

Affected versions:

1:2.1.23-11:2.1.24-11:2.1.25-11:2.1.26-11:2.1.26-1ubuntu0.11:2.1.26-1ubuntu0.21:2.1.26-1ubuntu0.31:2.1.26-1ubuntu0.41:2.1.26-1ubuntu0.5

Fixed in:

1:2.1.26-1ubuntu0.6

mailman

Ubuntu Pro 20.04 LTSUbuntu 20.04 LTS

Affected versions:

1:2.1.29-11:2.1.29-1build11:2.1.29-1ubuntu31:2.1.29-1ubuntu3.11:2.1.29-1ubuntu3.1+esm1

References

REPORT