Message-ID: <ewvs55pqvqybv7telryghfmp4sypf2rcjximilprzn5a3pkaie@vcsibbkueub3>
Date: Mon, 21 Apr 2025 19:48:02 +0300
From: Valtteri Vuorikoski <vuori@...com.org>
To: oss-security@...ts.openwall.com
Subject: Re: 3 new CVE's in old branch of GNU mailman

On Mon, Apr 21, 2025 at 09:08:33AM -0700, Alan Coopersmith wrote:
> 3 new CVEs have been published for GNU Mailman 2.1.39, as bundled with cPanel
> and WHM, credited to Firudin Davudzada and Musazada Aydan.
> 
> CVE-2025-43919: Directory Traversal in GNU Mailman 2.1.39 (cPanel/WHM Bundle)
> Details/POC: https://github.com/0NYX-MY7H/CVE-2025-43919
[…]
> CVE-2025-43921: Unauthenticated Mailing List Creation in GNU Mailman 2.1.39 (cPanel/WHM Bundle)
> Details/POC: https://github.com/0NYX-MY7H/CVE-2025-43921

I saw these mentioned earlier and could not reproduce either on a stock 2.1.39
install. Looking at the code that handles the "private" endpoint, it's also hard
to see a route from the username POST parameter to path construction.

Are these vulnerabilities due to modifications made by the vendor (cPanel LLC) to
their distributed version?

 -Valtteri
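The question above turns on whether a request parameter can reach path construction at all. As an added illustration, not code from Mailman or from the original message, here is the kind of lexical check a defender would want on any web handler that maps a list name and an archive-relative path from the request onto the filesystem. The archive root, the function name and the sample inputs are constructed assumptions; the username/password fields are deliberately consumed only for authentication and never passed to the path builder.

```python
import posixpath

# Constructed example root; not a path taken from the original message.
ARCHIVE_ROOT = "/var/lib/mailman/archives/private"


def resolve_archive_path(root, listname, relpath):
    """Return the absolute path of relpath inside root/listname, or None.

    The check is purely lexical (no filesystem access), so it can run on
    request parameters before any file is opened. It rejects list names
    containing separators and any relpath that, after normalisation,
    would land outside the list's own archive directory.
    """
    # The list name must be a plain identifier with no path separators.
    if not listname or "/" in listname or "\\" in listname:
        return None
    if listname in (".", ".."):
        return None
    base = posixpath.normpath(posixpath.join(root, listname))
    # Strip leading slashes so an absolute relpath cannot replace base.
    candidate = posixpath.normpath(posixpath.join(base, relpath.lstrip("/")))
    # After normalisation the result must still live inside base.
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


def handle_private_request(form, listname, relpath, authenticate):
    """Hypothetical handler shape: credentials go only to authenticate().

    'form' is a dict of POST fields. Returns the resolved archive path on
    success, or None if authentication fails or the path is rejected.
    The username value is never used in path construction.
    """
    if not authenticate(form.get("username", ""), form.get("password", "")):
        return None
    return resolve_archive_path(ARCHIVE_ROOT, listname, relpath)


if __name__ == "__main__":
    # Constructed inputs for a stand-alone run.
    ok = resolve_archive_path(ARCHIVE_ROOT, "mylist", "2025-April/000001.html")
    bad = resolve_archive_path(ARCHIVE_ROOT, "mylist", "../../../../etc/passwd")
    print("accepted:", ok)
    print("rejected:", bad)
```

A realpath-based check (following symlinks) is the complement to this lexical one; the lexical form is shown because it is what you can apply to request parameters before touching the filesystem, and it is the property the message is asking about: whether user-controlled fields can influence the constructed path.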