CVE-2021-40347

Description:
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

CWE: CWE-502

CVSS score
CVSS 2: – (Version: )
CVSS 3: HIGH – 8.4 (Version: 3.1)

Links:

NVD – CVE-2021-40347
CVE – CVE-2021-40347

Link (max. 20) Source Tags
https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b CONFIRM
https://gitlab.com/mailman/postorius/-/tags MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993746 CONFIRM
https://gitlab.com/mailman/postorius/-/issues/531 MISC
https://phabricator.wikimedia.org/T289798 MISC
DSA-4970 DEBIAN

Source: NVD – CVE-2021-40347
Published: 2021-09-10T19:15Z, last modified: 2021-09-12T15:10Z