9 matches found
CVE-2021-40347
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
Ubuntu 18.04 LTS / 20.04 LTS : Postorius vulnerability (USN-5157-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5157-1 advisory. It was discovered that Postorius mishandled specially crafted input. An attacker could use this vulnerability that obtain sensitive information. Tenab...
Debian: Security Advisory (DSA-4970-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-40347
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
UBUNTU-CVE-2021-40347
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
CVE-2021-40347
The CVE-2021-40347 issue affects GNU Mailman Postorius (views/list.py) for versions before 1.3.5. An authenticated attacker can send a crafted POST request to unsubscribe any user from a mailing list and can reveal whether that address was subscribed. Remediation: upgrade Postorius to 1.3.5 or ne...
CVE-2021-40347
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
Debian DSA-4970-1 : postorius - security update
The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-4970 advisory. Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when...
[SECURITY] [DSA 4970-1] postorius security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4970-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 09, 2021 https://www.debian.org/security/faq -...