An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-15T00:00:00

Updated: 2024-08-04T00:05:52.555Z

Reserved: 2021-06-08T00:00:00

Link: CVE-2021-34337

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-15T20:16:00.623

Modified: 2024-11-21T06:10:11.600

Link: CVE-2021-34337

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-12-04T00:00:00Z

Links: CVE-2021-34337 - Bugzilla