cvedb.io
CVE-2021-34337
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2023-04-15T20:16:00.623 · Last modified 2026-06-17T03:55:40.843

Summary

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
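The class of flaw described in the summary, shown as an added example (not Mailman's code or its actual patch): a short-circuiting comparison does work that depends on how much of the supplied password is correct, while a constant-time comparison does not. The credential values, the function names and the assumption that the password arrives in an HTTP Basic `Authorization` header are all constructed for illustration.

```python
import base64
import hmac

# Constructed sample values, not taken from any real configuration.
CONFIGURED_USER = "restadmin"
CONFIGURED_PASS = "s3cr3t-example"


def early_exit_steps(supplied: str, expected: str) -> int:
    """Count byte comparisons made by a naive, short-circuiting equality check.

    The count grows with the length of the matching prefix. That
    data-dependent work is what a timing side channel exposes.
    """
    a, b = supplied.encode(), expected.encode()
    if len(a) != len(b):
        return 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps


def parse_basic(header: str):
    """Return (user, password) from an HTTP Basic header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def check_credentials(header: str) -> bool:
    """Hardened check: both fields are always compared, each in constant time."""
    creds = parse_basic(header) or ("", "")
    # compare_digest does not stop at the first differing byte.
    user_ok = hmac.compare_digest(creds[0].encode(), CONFIGURED_USER.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), CONFIGURED_PASS.encode())
    # Bitwise AND avoids skipping the second result via short-circuit logic.
    return user_ok & pass_ok
```

Constant-time comparison removes the per-byte signal; keeping the REST API bound to localhost, as the summary notes is the default, limits who can measure response times at all.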

Affected products

gnu — mailman

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.