CVE-2021-40347

Publication date 10 September 2021

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
postorius	22.10 kinetic	Fixed 1.3.5-1
	22.04 LTS jammy	Fixed 1.3.5-1
	21.10 impish	Fixed 1.3.4-2ubuntu0.1
	21.04 hirsute	Fixed 1.3.4-1ubuntu0.1
	20.04 LTS focal	Fixed 1.2.4-1ubuntu0.1
	18.04 LTS bionic	Fixed 1.1.2-3ubuntu0.1
	16.04 LTS xenial	Ignored end of standard support
	14.04 LTS trusty	Not in release

Severity score breakdown

Parameter	Value
Base score	5.4 · Medium
Attack vector	Network
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	Low
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVE-2021-40347

Cvss 3 Severity Score

Status

Severity score breakdown

References

Other references