Skip to content

Mailman Sensitive Information Disclosure

Moderate severity GitHub Reviewed Published Apr 29, 2022 to the GitHub Advisory Database • Updated Sep 18, 2023

Package

pip mailman (pip)

Affected versions

< 2.1.5

Patched versions

2.1.5

Description

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

References

Published by the National Vulnerability Database Aug 18, 2004
Published to the GitHub Advisory Database Apr 29, 2022
Reviewed Sep 18, 2023
Last updated Sep 18, 2023

Severity

Moderate

EPSS score

0.559%
(78th percentile)

Weaknesses

CVE ID

CVE-2004-0412

GHSA ID

GHSA-hj4h-vqpq-95wg

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.