Vulnerability Name:

CVE-2021-42097 (CCN-211831)

Assigned:2021-10-18
Published:2021-10-18
Updated:2021-11-05
Summary:GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
CVSS v3 Severity:8.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.0 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
7.0 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-352
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2021-42097

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20211021 Mailman 2.1.35 security release

Source: CCN
Type: LaunchPad Web site
Potential Privilege escalation via the user options page.

Source: CONFIRM
Type: Patch, Third Party Advisory
https://bugs.launchpad.net/mailman/+bug/1947640

Source: XF
Type: UNKNOWN
gnumailman-cve202142097-priv-esc(211831)

Source: CONFIRM
Type: Patch, Third Party Advisory
https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/

Source: CCN
Type: oss-sec Mailing List, Thu, 21 Oct 2021 12:04:47 -0700
Mailman 2.1.35 security release

Source: DEBIAN
Type: Third Party Advisory
DSA-4991

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-42097

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:mailman:*:*:*:*:*:*:*:* (Version < 2.1.35)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:gnu:mailman:2.1.34:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20214913
    P
    		RHSA-2021:4913: mailman security update (Important)
    2021-12-02
    oval:com.redhat.rhsa:def:20214826
    P
    		RHSA-2021:4826: mailman:2.1 security update (Important)
    2021-11-23
    oval:org.opensuse.security:def:11144
    P
    		Security update for mailman (Important)
    2021-11-05
    oval:org.opensuse.security:def:96432
    P
    		Security update for mailman (Important)
    2021-11-05
    oval:org.opensuse.security:def:103122
    P
    		Security update for mailman (Important)
    2021-11-05
    oval:org.opensuse.security:def:109779
    P
    		Security update for mailman (Important)
    2021-11-05
    oval:org.opensuse.security:def:111116
    P
    		Security update for mailman (Important)
    2021-11-02
    BACK
    gnu mailman *
    debian debian linux 10.0
    gnu mailman 2.1.34