FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman -- arbitrary content injection vulnerability via options or private archive login pages

Affected packages
mailman < 2.1.30_4
2.1.31 <= mailman < 2.1.33
mailman-with-htdig < 2.1.30_4
2.1.31 <= mailman-with-htdig < 2.1.33

Details

VuXML ID: 88760f4d-8ef7-11ea-a66d-4b2ef158be83
Discovery: 2020-04-20
Entry: 2020-05-07

Mark Sapiro reports:

A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh.

An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack.

(added 2020-05-07) This is essentially the same as https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is the private archive login page and the attack only succeeds if the list's roster visibility (private_roster) setting is 'Anyone'.

References

CVE Name: CVE-2018-13796
URL: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8
URL: https://bugs.launchpad.net/mailman/+bug/1873722
URL: https://bugs.launchpad.net/mailman/+bug/1877379
URL: https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/