Security
Headlines

Headlines Latest CVEs

Headline

GHSA-2jg5-xgvv-4wq7: Mailman Core vulnerable to timing attacks

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

1 year ago

Mailman Core vulnerable to timing attacks

Moderate severity GitHub Reviewed Published Apr 15, 2023 to the GitHub Advisory Database • Updated Apr 18, 2023

Related news

CVE-2021-34337: Check the REST API password in a way that is resistant to timing attacks (CVE-2021-34337) (e4a39488) · Commits · GNU Mailman / Mailman Core · GitLab

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.

1 year ago

#mac #git #auth

ghsa: Latest News

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

16 hours ago

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

16 hours ago

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

16 hours ago

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

19 hours ago

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

20 hours ago