Vulnerabilities > CVE-2021-40347 - Unspecified vulnerability in Postorius Project Postorius

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

postorius-project

NVD

Published: 2021-09-10

Updated: 2021-09-24

Summary

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

Vulnerable Configurations

Part	Description	Count
Application	Postorius_Project Postorius Project Postorius 1.0.0 Postorius Project Postorius 1.0.1 Postorius Project Postorius 1.0.2 Postorius Project Postorius 1.0.3 Postorius Project Postorius 1.1.0 Postorius Project Postorius 1.1.1 Postorius Project Postorius 1.1.2 Postorius Project Postorius 1.2 Postorius Project Postorius 1.2.1 Postorius Project Postorius 1.2.2 Postorius Project Postorius 1.2.3 Postorius Project Postorius 1.2.4 Postorius Project Postorius 1.3.0 Postorius Project Postorius 1.3.1 Postorius Project Postorius 1.3.2 Postorius Project Postorius 1.3.3 Postorius Project Postorius 1.3.4	20

Summary

Vulnerable Configurations

References