Launchpad CVE tracker

CVE 2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

Related bugs and status

CVE-2021-43332 (Candidate) is related to these bugs:

Bug #1949403: A vulnerability could allow a list moderator to discover the admin password.

Summary				In	Importance	Status
	1949403	A vulnerability could allow a list moderator to discover the admin password.		GNU Mailman	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://mail.python.or...
MISC: https://bugs.launchpad...
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2021-43332

Related bugs and status

Related bugs

References