CVE-2021-34337


An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.


Published

2023-04-15T20:16:00.623

Last Modified

2025-02-06T17:15:12.627

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
  • Type: Secondary
    CWE-208

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gnu | mailman | < 3.3.5 | Yes |
