CVE-2004-0412

CWE-200Information ExposureCWE-639Insecure Direct Object ReferenceCWE-2226 documents6 sources
Severity
5.0MEDIUM
EPSS
3.7%
top 11.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Mailman
Timeline
PublishedAug 18
Latest updateApr 29

Description

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

PyPImailman< 2.1.5
NVDgnu/mailman6 versions+5

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
Mailman Sensitive Information Disclosure2022-04-29
OSV
Mailman Sensitive Information Disclosure2022-04-29
CVEList
CVE-2004-0412: Mailman before 22004-06-03

📋Vendor Advisories

1
Red Hat
mailman: password stealing via a crafted email request2021-10-02

📐Framework References

1
CWE
Truncation of Security-relevant Information
CVE-2004-0412 (MEDIUM CVSS 5) | Mailman before 2.1.5 allows remote | cvebase.io