CVE-2021-40347: CVE-2021-40347

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-40347

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

GNU Mailman 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GNU Mailman是GNU社区的一套免费的用于管理电子邮件讨论和电子邮件列表的软件。该软件可与Web项目集成，使用户方便管理邮件订阅帐号，并提供内置归档、自动转发处理、内容过滤和反垃圾过滤器等功能。 GNU Mailman 存在访问控制错误漏洞，该漏洞源于在 1.3.5 之前的 GNU Mailman Postorius 中的 views/list.py 中发现了一个问题。攻击者（登录到任何帐户）可以发送精心设计的 POST 请求以从邮件列表中取消订阅任何用户，同时还可以揭示该地址是否已被首先订阅。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-40347

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-40347

Please Login to view more intelligence information

https://gitlab.com/mailman/postorius/-/tagsx_refsource_MISC
https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474bx_refsource_CONFIRM
https://phabricator.wikimedia.org/T289798x_refsource_MISC
https://gitlab.com/mailman/postorius/-/issues/531x_refsource_MISC
https://www.debian.org/security/2021/dsa-4970vendor-advisoryx_refsource_DEBIAN
https://nvd.nist.gov/vuln/detail/CVE-2021-40347

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-40347

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-40347

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-40347

III. Intelligence Information for CVE-2021-40347

IV. Related Vulnerabilities

V. Comments for CVE-2021-40347

Leave a comment