/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Opensuse
  • Leap
  • Backports Sle
Gnu
  • Mailman
Canonical
  • Ubuntu Linux
Fedoraproject
  • Fedora
Debian
  • Debian Linux

Configuration 1 [-]

cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html Mailing List Third Party Advisory
https://bugs.launchpad.net/mailman/+bug/1873722 Exploit Issue Tracking Patch Third Party Advisory
https://code.launchpad.net/mailman Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/
https://mail.python.org/pipermail/mailman-announce/ Release Notes Third Party Advisory
https://usn.ubuntu.com/4354-1/ Third Party Advisory
https://www.debian.org/security/2021/dsa-4991 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-05-06T14:50:33

Updated: 2021-10-23T10:06:15

Reserved: 2020-04-23T00:00:00

Link: CVE-2020-12108

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2020-05-06T15:15:11.240

Modified: 2023-11-07T03:15:19.933

Link: CVE-2020-12108

JSON object: View

cve-icon Redhat Information

No data.

CWE