CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51	Patch Vendor Advisory
https://gitlab.com/mailman/mailman/-/issues/911	Broken Link
https://gitlab.com/mailman/mailman/-/tags	Release Notes
https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51	Patch Vendor Advisory
https://gitlab.com/mailman/mailman/-/issues/911	Broken Link
https://gitlab.com/mailman/mailman/-/tags	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*

History

06 Feb 2025, 17:15

Type	Values Removed	Values Added
CWE		CWE-208

Information

Published : 2023-04-15 20:16

Updated : 2025-02-06 17:15

NVD link : CVE-2021-34337

Mitre link : CVE-2021-34337

CVE.ORG link : CVE-2021-34337

JSON object : View

Products Affected

gnu

mailman

CWE

NVD-CWE-noinfo CWE-208

Observable Timing Discrepancy

{"id": "CVE-2021-34337", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}]}, "published": "2023-04-15T20:16:00.623", "references": [{"url": "https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/mailman/mailman/-/issues/911", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/mailman/mailman/-/tags", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/mailman/mailman/-/issues/911", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/mailman/mailman/-/tags", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-208"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces."}], "lastModified": "2025-02-06T17:15:12.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99971A86-88D5-464B-B972-05EF98C89621", "versionEndExcluding": "3.3.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}