CVE-2021-34337

nvd nist
Published: Apr 15, 2023
Modified: Feb 6, 2025

CVSS score: 6.3
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.0 / Impact: 5.2
Source: NVD

Description

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

Affected (1)

Products: Gnu: Mailman
1 product
Mailman
Configuration A
1 vulnerable
Vulnerable Software: Mailman
Affected Versions: Before 3.3.5

Timeline

No history available yet.