PublicDateAtUSN: 2021-12-02 03:15:00 UTC
Candidate: CVE-2021-44227
PublicDate: 2021-12-02 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44227
 https://ubuntu.com/security/notices/USN-5180-1
Description:
 In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF
 token and craft an admin request (using that token) to set a new admin
 password or make other changes.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://bugs.launchpad.net/mailman/+bug/1952384
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_mailman:
 upstream: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882
upstream_mailman: needs-triage
esm-infra/xenial_mailman: needed
trusty_mailman: ignored (out of standard support)
xenial_mailman: ignored (out of standard support)
bionic_mailman: released (1:2.1.26-1ubuntu0.6)
focal_mailman: needed