CVE-2021-42096 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Vendor	Product	Version
gnu	mailman	𝑥 < 2.1.35
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

mailman

focal	Fixed 1:2.1.29-1ubuntu3.1 released
bionic	Fixed 1:2.1.26-1ubuntu0.4 released
xenial	Fixed 1:2.1.20-1ubuntu0.6+esm1 released

Common Weakness Enumeration

CWE-307 - Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References

http://www.openwall.com/lists/oss-security/2021/10/21/4

https://bugs.launchpad.net/mailman/+bug/1947639

https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/

https://www.debian.org/security/2021/dsa-4991

http://www.openwall.com/lists/oss-security/2021/10/21/4

https://bugs.launchpad.net/mailman/+bug/1947639

https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/

https://www.debian.org/security/2021/dsa-4991