vuln-list-alt/oval/p11/ALT-PU-2021-3272/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20213272",
"Version": "oval:org.altlinux.errata:def:20213272",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-3272: package `mailman` update to version 2.1.36-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-3272",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-3272",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-06194",
"RefURL": "https://bdu.fstec.ru/vul/2021-06194",
"Source": "BDU"
},
{
"RefID": "BDU:2021-06195",
"RefURL": "https://bdu.fstec.ru/vul/2021-06195",
"Source": "BDU"
},
{
"RefID": "CVE-2021-43331",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43331",
"Source": "CVE"
},
{
"RefID": "CVE-2021-43332",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-43332",
"Source": "CVE"
}
],
"Description": "This update upgrades mailman to version 2.1.36-alt1. \nSecurity Fix(es):\n\n * BDU:2021-06194: Уязвимость параметров cgi/options.py пакета для управления рассылками электронных писем GNU Mailman, связанная с непринятием мер по защите структуры веб-страницы, позволяющая выполнить произвольный JavaScript-код\n\n * BDU:2021-06195: Уязвимость пакета для управления рассылками электронных писем GNU Mailman, связанная с недостаточным ограничением попыток аутентификации, позволяющая пользователю обойти процедуру аутентификации\n\n * CVE-2021-43331: In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.\n\n * CVE-2021-43332: In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-11-13"
},
"Updated": {
"Date": "2021-11-13"
},
"BDUs": [
{
"ID": "BDU:2021-06194",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2021-06194",
"Impact": "Low",
"Public": "20211121"
},
{
"ID": "BDU:2021-06195",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-307",
"Href": "https://bdu.fstec.ru/vul/2021-06195",
"Impact": "Low",
"Public": "20211121"
}
],
"CVEs": [
{
"ID": "CVE-2021-43331",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43331",
"Impact": "Low",
"Public": "20211112"
},
{
"ID": "CVE-2021-43332",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-522",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-43332",
"Impact": "Low",
"Public": "20211112"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20213272001",
"Comment": "mailman is earlier than 5:2.1.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213272002",
"Comment": "mailman-apache2 is earlier than 5:2.1.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213272003",
"Comment": "mailman-docs is earlier than 5:2.1.36-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20213272004",
"Comment": "mailman-nginx is earlier than 5:2.1.36-alt1"
}
]
}
]
}
}
]
}