CVE-2020-15011
published 2020-06-24CVE-2020-15011: GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| gnu | mailman | < 2.1.33 | 2.1.33 |
| gnu | mailman | >= 0 < 1:2.1.20-1ubuntu0.6 | 1:2.1.20-1ubuntu0.6 |
| gnu | mailman | >= 0 < 1:2.1.26-1ubuntu0.3 | 1:2.1.26-1ubuntu0.3 |
| gnu | mailman | >= 0 < 1:2.1.29-1ubuntu3.1 | 1:2.1.29-1ubuntu3.1 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv6.5MEDIUM