Red Hat Security Advisory 2021-4913-04 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
c0b2367bca6b9519cbf4eef54ab3a7cc8eece40d1140a7de1f14b7331fe671bd
Red Hat Security Advisory 2021-4837-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
da322af9925df9b13306362953effa81984e67c2c5736ed7a6d7a42016b35732
Red Hat Security Advisory 2021-4838-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
bb526170f9703a69821a3db3f612496e679220fb515ad16625d199b42964ede6
Red Hat Security Advisory 2021-4839-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
fc6755eec5257a10ac71b7c64432cfb6808ffcb94fa7916e3ef8d310485c4506
Red Hat Security Advisory 2021-4826-02 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.
01c9eca9735075e3086e61c04041b4419b8bdee0646991eed6726a30d52e8583
Ubuntu Security Notice 5121-2 - USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. It was discovered that Mailman improperly sanitizes MIME content. An attacker could obtain sensitive information by sending a special type of attachment.
3e1981a243b75d6cb9eb3b871c11554d027734dba3c108e22426fdec3c295c82
Debian Linux Security Advisory 4991-1 - Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page.
954d8b9822764173dd884577e87a44ad7f9a8af40f4ebc025e3d191931336710
Ubuntu Security Notice 5121-1 - Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery tokens with specific accounts. A remote attacker could use this to perform a CSRF attack to gain access to another account. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman's cross-site request forgery tokens for the options page are derived from the admin password. A remote attacker could possibly use this to assist in performing a brute force attack against the admin password. Various other issues were also addressed.
31b5089934b776c5932880b406f38f121f36e74f6461c25588737e5f22c7ff0f