GitHub Advisory Database: GHSA-2JG5-XGVV-4WQ7
History: Apr 15, 2023 - 9:30 p.m.

Mailman Core vulnerable to timing attacks

2023-04-15 21:30:16
CWE-208
GitHub Advisory Database
github.com

EPSS: 0.0004 (Low), percentile 15.1%

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
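The weakness class named here (CWE-208), shown as an added example that is not Mailman's code: an early-exit password comparison does work proportional to the number of correct leading bytes, while a digest-then-`hmac.compare_digest` check does not. The function names and the sample password are constructed for this illustration, and the step counter stands in for elapsed time so the result is deterministic.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed sample credential for the demonstration, not a real value.
CONFIGURED_PASSWORD = "restpass-constructed"


def naive_equal_steps(supplied: str, expected: str) -> Tuple[bool, int]:
    """Early-exit comparison, instrumented to count byte comparisons.

    The count is a proxy for running time: it depends on how many leading
    bytes of the supplied value are correct, which is the observable
    discrepancy CWE-208 describes.
    """
    a, b = supplied.encode(), expected.encode()
    steps = 0
    if len(a) != len(b):
        return False, steps
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_check(supplied: str, expected: str) -> bool:
    """Hardened check: hash both sides to a fixed length, then compare.

    Hashing removes the dependence on input length; hmac.compare_digest
    examines every byte regardless of where the first mismatch is.
    """
    da = hashlib.sha256(supplied.encode()).digest()
    db = hashlib.sha256(expected.encode()).digest()
    return hmac.compare_digest(da, db)


def leak_profile(expected: str) -> List[int]:
    """Work done by the naive check for inputs with 0..n-1 correct leading bytes."""
    profile = []
    for k in range(len(expected)):
        # NUL padding never matches the sample password, so the mismatch is at index k.
        candidate = expected[:k] + "\x00" * (len(expected) - k)
        profile.append(naive_equal_steps(candidate, expected)[1])
    return profile
```

A strictly increasing `leak_profile` is the signal to look for when reviewing credential checks; the hardened function has no equivalent input-dependent loop.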

CPE Name    Operator    Version
mailman     lt          3.3.5
