CVE-2021-44227

8.8 HIGH

📋 TL;DR

CVE-2021-44227 is a Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman that allows authenticated list members or moderators to obtain CSRF tokens and craft malicious admin requests. This could enable attackers to change admin passwords, modify list settings, or perform other administrative actions without proper authorization. All Mailman installations with vulnerable versions are affected.

💻 Affected Systems

Products:
  • GNU Mailman
Versions: All versions before 2.1.38
Operating Systems: All operating systems running Mailman
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Mailman installations with default configurations. Requires authenticated access as a list member or moderator.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could take full administrative control of Mailman instances, reset admin passwords, modify mailing list configurations, add/remove members, and potentially access sensitive subscriber data.

🟠 Likely Case

Unauthorized administrative changes to mailing list settings, password resets, or privilege escalation within the Mailman system.

🟢 If Mitigated

Limited impact with proper CSRF protections, network segmentation, and administrative access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access as a list member or moderator. CSRF token leakage makes exploitation straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.38 and later

Vendor Advisory: https://bugs.launchpad.net/mailman/+bug/1952384

Restart Required: Yes

Instructions:

1. Back up the current Mailman installation and configuration.
2. Upgrade to Mailman 2.1.38 or later using the package manager or source compilation.
3. Restart Mailman services.
4. Verify the upgrade was successful.

🔧 Temporary Workarounds

CSRF Protection Enhancement (applies to: all)

Implement additional CSRF protection mechanisms at the web server or application firewall level.

Access Restriction (applies to: all)

Restrict administrative interface access to trusted networks only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit Mailman admin interface access
  • Deploy web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check the Mailman version with mailman --version, or examine the installed package version.

Check Version:

mailman --version

Verify Fix Applied:

Verify that the version is 2.1.38 or later and test that CSRF token validation is enforced.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected admin password changes
  • Unauthorized configuration modifications
  • CSRF token reuse patterns

Network Indicators:

  • Unusual admin interface access patterns
  • CSRF token requests from non-admin users

SIEM Query:

source="mailman.log" AND ("password change" OR "admin modification") AND NOT user="admin"
