CVE-2018-13796

CWE-20 — Improper Input Validation CWE-34510 documents7 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 33.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Mailman

Timeline

PublishedJul 12

Latest updateApr 29

Description

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶PyPImailman< 2.1.28

▶NVDgnu/mailman< 2.1.28

▶Ubuntumailman< 1:2.1.20-1ubuntu0.4+1

🔴Vulnerability Details

OSV

mailman vulnerabilities↗2020-04-29

▶

GHSA

Moderate severity vulnerability that affects mailman↗2018-09-11

▶

OSV

Moderate severity vulnerability that affects mailman↗2018-09-11

▶

CVEList

CVE-2018-13796: An issue was discovered in GNU Mailman before 2↗2018-07-12

▶

OSV

CVE-2018-13796: An issue was discovered in GNU Mailman before 2↗2018-07-12

▶

📋Vendor Advisories

Ubuntu

Mailman vulnerabilities↗2020-04-29

▶

Red Hat

mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites↗2018-07-23

▶

💬Community

Bugzilla

CVE-2018-13796 mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites↗2018-07-27

▶

Bugzilla

CVE-2018-13796 mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites [fedora-all]↗2018-07-27

▶