CVE-2021-41083

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-41083
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41083.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-41083
Related
  • GHSA-344m-p829-2r38
Published
2021-09-20T22:15:07Z
Modified
2025-01-08T11:10:43.640581Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Dada Mail is a web-based e-mail list management system. In affected versions, a bad actor could give someone a carefully crafted web page via email, SMS, etc., that, when visited, allows them control of the list control panel as if the bad actor were logged in themselves. This includes changing any mailing list password, as well as the Dada Mail Root Password, which could effectively shut out actual list owners of the mailing list and allow the bad actor complete and unfettered control of your mailing list. This vulnerability also affects profile logins. For this vulnerability to work, the target of the bad actor would need to be logged into the list control panel themselves. This CSRF vulnerability in Dada Mail affects all versions of Dada Mail v11.15.1 and below. Although we know of no CSRF exploits that have happened in the wild, this vulnerability has been confirmed by our testing and by a third party. Users are advised to update to version 11.16.0.

References

Affected packages

Git / github.com/justingit/dada-mail

Affected ranges

Type
GIT
Repo
https://github.com/justingit/dada-mail
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

6_3_0-stable_2013_04_08
v10_0_0-alpha1_2016_10_05
v10_0_0-beta1_2016_10_14
v10_0_0-beta2_2016_10_22
v10_0_0-stable_2016_10_27
v10_0_1-stable_2016_11_08
v10_0_2-stable_2016_11_14
v10_0_3-stable_2016_11_23
v10_1_0-stable_2016_11_28
v10_2_0-stable_2016_12_06
v10_2_1-stable_2016_12_06
v10_2_1-stable_2016_12_09
v10_2_2-stable_2016_12_14
v10_2_2-stable_2016_12_19
v10_2_3-stable_2016_12_19
v10_2_4-stable_2016_12_23
v10_3_0-beta1_2016_12_28
v10_3_0-stable_2017_01_04
v10_3_1-stable_2017_01_11
v10_3_2-stable_2017_01_14
v10_3_3-stable_2017_01_24
v10_3_4-stable_2017_02_02
v10_3_5-stable_2017_02_04
v10_3_6-stable_2017_02_06
v10_4_0-stable_2017_02_21
v10_5_0-beta1_2017_03_16
v10_5_0-stable_2017_03_22
v10_5_1-stable_2017_04_14
v10_5_1-stable_2017_04_17
v10_5_2-stable_2017_04_23
v10_5_3-stable_2017_04_27
v10_5_4-stable_2017_05_16
v10_5_5-stable_2017_06_08
v10_6_0-stable_2017_06_21
v10_7_0-stable_2017_07_05
v10_7_1-stable_2017_10_04
v10_7_2-stable_2017_12_29
v10_8_0-stable_2018_04_09
v10_8_1-stable_2018_04_11
v10_8_2-stable_2018_04_17
v11_0_0-stable_2018_05_21
v11_0_1-stable_2018_06_07
v11_0_2-stable_2018_06_15
v11_0_3-stable_2018_07_02
v11_0_4-stable_2018_07_07
v11_0_5-stable_2018_07_12
v11_10_0-stable_2020_03_18
v11_10_1-stable_2020_03_24
v11_10_2-stable_2020_05_18
v11_10_3-stable_2020_06_2
v11_10_3-stable_2020_06_29
v11_11_0-stable_2020_08_06
v11_11_1-stable_2020_08_24
v11_11_2-stable_2020_08_31
v11_11_3-stable_2020_09_10
v11_12_0-stable_2020_09_28
v11_12_1-stable_2020_10_16
v11_12_2-stable_2020_10_17
v11_13_0-stable_2020_05_10
v11_13_1-stable_2020_05_15
v11_14_0-stable_2020_05_28
v11_14_1-stable_2020_06_09
v11_14_2-stable_2021_07_24
v11_15_0-stable_2021_08_30
v11_15_1-stable_2021_09_08
v11_1_0-stable_2018_07_21
v11_1_1-stable_2018_07_28
v11_1_2-stable_2018_08_04
v11_1_2-stable_2018_08_04-a
v11_1_3-stable_2018_08_15
v11_2_0-stable_2018_09_04
v11_2_1-stable_2018_09_20
v11_2_2-stable_2018_10_17
v11_2_3-stable_2018_10_24
v11_2_4-stable_2018_10_31
v11_2_5-stable_2018_11_06
v11_2_6-stable_2018_11_13
v11_2_7-stable_2019_02_06
v11_2_8-stable_2019_03_04
v11_2_9-stable_2019_04_12
v11_3_0-stable_2019_04_20
v11_3_0-stable_2019_04_25
v11_3_1-stable_2019_05_12
v11_4_0-stable_2019_05_20
v11_4_1-stable_2019_06_01
v11_4_2-stable_2019_06_06
v11_4_3-stable_2019_07_08
v11_4_4-stable_2019_07_26
v11_4_5-stable_2019_09_10
v11_4_6-stable_2019_09_23
v11_5_0-stable_2019_11_01
v11_5_1-stable_2019_11_12
v11_6_0-stable_2019_11_25
v11_7_0-stable_2019_12_10
v11_8_0-stable_2020_01_01
v11_8_1-stable_2020_01_08
v11_9_0-stable_2020_02_04
v3_1_0_Alpha1-03_13_09
v3_1_0_alpha2-07_07_09
v3_1_0_alpha3-08_26_09
v4_0_0_beta1-09_28_09
v4_0_0_beta2-10_22_09
v4_0_0_beta3-10_30_09
v4_0_0_beta4-11_03_09
v4_0_0_beta5-11_15_09
v4_0_0_rc1-11_21_09
v4_0_0_rc2-11_23_09
v4_0_0_rc3-11_24_09
v4_0_0_rc3-12_01_09
v4_0_0_rc4-12_01_09
v4_0_0_stable-2009_12_02
v4_0_1_stable-2009_12_14
v4_0_2_stable-2010_01_06
v4_0_2_unicode_experiment-2010_02_23
v4_0_3_stable-2010_03_07
v4_0_4_beta1-2010_03_22
v4_0_4_beta2-2010_03_27
v4_0_4_stable-2010_03_30
v4_0_5_stable-2010_05_12
v4_10_0-alpha1_2012_02_06
v4_1_0_beta1-2010_05_23
v4_1_0_beta2-2010_05_31
v4_1_0_stable-2010_06_09
v4_2_0-rc2_2010_08_16
v4_2_0_beta1
v4_2_0_beta2-2010_07_26
v4_2_0_rc1-2010_08_10
v4_2_0_stable-2010_08_23
v4_2_1_stable-2010_10_04
v4_3_0-beta1-2010_11_16
v4_3_0-beta2-2010_11_26
v4_3_0_stable-2010_11_26
v4_3_1_beta1-2010_12_14
v4_3_1_beta2-2010_12_21
v4_3_1_stable-2010_12_23
v4_3_2_stable-2011_01_16
v4_4_0-rc1-2011_02_08
v4_4_0-rc2-2011_02_12
v4_4_0_alpha1-2011_01_31
v4_4_0_stable-2011_02_1
v4_4_0_stable-2011_02_15
v4_4_1_stable-2011_02_21
v4_4_2_stable-2011_02_28
v4_4_3_beta1-2011_03_13
v4_4_3_rc1-2011_03_15
v4_4_3_stable-2011_03_17
v4_5_0_beta1-2011_05_09
v4_5_0_stable-2011_05_12
v4_5_1_stable-2011_05_18
v4_5_2_stable-2011_07_12
v4_6_0_alpha1-2011_07_20
v4_6_0_alpha2-2011_07_28
v4_6_0_beta1-2011_08_01
v4_6_0_beta2-2011_08_02
v4_6_0_rc1-2011_08_04
v4_6_0_stable-2011_08_07
v4_6_1_stable-2011_08_22
v4_7_0-alpha1_stable-2011_08_26
v4_7_0-alpha2_011_08_31
v4_7_0-stable_2011_09_05
v4_7_1-stable_2011_09_15
v4_7_2-stable_2011_09_17
v4_8_0-beta1-stable_2011_09_27
v4_8_0-stable_2011_09_28
v4_8_1-stable_2011_10_10
v4_8_2-stable_2011_10_12
v4_8_3-beta_2011_10_22
v4_8_3-stable_2011_10_25
v4_8_4-beta1_2011_11_13
v4_8_4-stable_2011_11_22
v4_9_0-alpha1_2011_11_21
v4_9_0-alpha2_2011_11_28
v4_9_0-beta1_2011_12_04
v4_9_0-stable_2011_12_06
v4_9_1-beta1_2011_12_18
v4_9_1-stable_2012_01_04
v5_0_0-beta1_2012_02_14
v5_0_0-rc1_2012_02_21
v5_0_0-rc2_2012_02_28
v5_0_0-rc3_2012_03_06
v5_0_0-rc4_2012_03_08
v5_0_0-stable_2012_03_18
v5_0_1-stable_2012_03_30
v5_0_2-stable_2012_04_22
v5_0_3-stable_2012_05_06
v5_1_0-beta1_2012_05_28
v5_1_0-stable_2012_06_31
v5_1_1-stable_2012_06_05
v5_2_0-stable_2012_07_30
v5_2_1-stable_2012_08_17
v6_0_0-alpha1_2012_11_09
v6_0_0-beta1_2012_11_20
v6_0_0-rc1_2012_12_10
v6_0_0-rc2_2012_12_20
v6_0_0-stable_2012_12_21
v6_0_1-stable_2013_01_06
v6_0_2-stable_2013_01_28
v6_1_0-stable_2013_02_19
v6_1_1-stable_2013_02_28
v6_2_0-stable_2013_03_10
v6_2_1-stable_2013_03_19
v6_2_2-stable_2013_03_29
v6_3_0-alpha1_2013_03_30
v6_3_0-beta1_2013_04_04
v6_3_0-stable_2013_04_08
v6_3_1-stable_2013_04_15
v6_4_0-beta1_2013_05_08
v6_4_0-beta2_2013_05_09
v6_4_0-rc1_2013_05_17
v6_4_0-stable_2013_05_23
v6_4_1-stable_2013_06_09
v6_4_2-stable_2013_06_10
v6_4_3-stable_2013_06_11
v6_5_0-alpha1_2013_06_10
v6_5_0-alpha1_2013_06_11
v6_5_0-alpha2_2013_06_11
v6_5_0-beta1_2013_06_26
v6_5_0-rc1_2013_07_11
v6_5_0-stable_2013_07_14
v6_5_1-stable_2013_08_04
v6_5_2-stable_2013_08_06
v6_6_0-beta1_2013_08_23
v6_6_0-stable_2013_09_04
v6_6_1-stable_2013_09_16
v6_7_0-beta1_2013_09_16
v6_7_0-beta2_2013_09_24
v6_7_0-stable_2013_10_01
v6_7_1-stable_2013_10_10
v6_7_2-stable_2013_11_08
v6_8_0-beta1_2013_12_14
v6_8_0-beta2_2013_12_18
v6_8_0-beta2_2013_12_19
v6_8_0-rc1_2013_12_26
v6_8_0-stable_2014_01_01
v6_8_1-stable_2014_02_09
v7_0_0-alpha1_2014_03_09
v7_0_0-beta1_2014_03_20
v7_0_0-beta2_2014_03_31
v7_0_0-stable_2014_04_06
v7_0_1-stable_2014_04_18
v7_0_2-stable_2014_04_28
v7_0_3-stable_2014_05_05
v7_0_4-stable_2014_05_18
v7_0_5-stable_2014_06_18
v7_0_5-stable_2014_07_18
v7_1_0-stable_2014_07_10
v7_2_0-stable_2014_07_23
v7_2_1-stable_2014_09_12
v7_3_0-stable_2014_10_13
v7_3_1-stable_2014_10_20
v7_3_1-stable_2014_10_20v7_3_1-stable_2014_10_20
v7_4_0-beta1_2014_12_09
v7_4_0-stable_2014_12_16
v7_4_1-stable_2015_02_20
v8_0_0-alpha1_2015_01_29
v8_0_0-alpha1_2015_01_31
v8_0_0-alpha2_2015_02_20
v8_0_0-alpha3_2015_03_05
v8_0_0-beta1_2015_03_14
v8_0_0-stable_2014_01_31
v8_0_0-stable_2015_03_31
v8_0_1-stable_2015_04_20
v8_0_2-stable_2015_04_24
v8_0_3-stable_2015_05_20
v8_1_0-stable_2015_05_21
v8_2_0-stable_2015_06_17
v8_3_0-stable_2015_06_29
v8_4_0-stable_2015_08_01
v9_0_0-alpha1-stable_2015_10_27
v9_0_0-alpha1_2015_10_27
v9_0_0-alpha2_2015_11_09
v9_0_0-beta1_2015_11_16
v9_0_0-beta2_2015_11_24
v9_0_0-rc1_2015_11_30
v9_0_0-stable_2015_12_07
v9_0_1-stable_2015_12_09
v9_0_2-stable_2015_12_18
v9_0_3-stable_2016_01_14
v9_1_0-stable_2016_02_09
v9_1_1-stable_2016_02_14
v9_1_2-stable_2016_02_27
v9_1_3-stable_2016_03_13
v9_2_0-stable_2016_03_21
v9_2_0-stable_2016_03_23
v9_2_1-stable_2016_04_21
v9_2_2-stable_2016_05_09
v9_2_2-stable_2016_05_11
v9_3_0-stable_2016_06_07
v9_4_0-beta1_2016_06_15
v9_4_0-stable_2016_06_20
v9_4_1-stable_2016_06_22
v9_5_0-beta1-stable_2016_06_30
v9_5_0-stable_2016_07_11
v9_6_0-stable_2016_08_02
v9_6_1-stable_2016_10_05

v10_1_0-stable_2016_11_28.*

v10_1_0-stable_2016_11_28.tar.gz

v9_0_0_2015_11_30/uncompress_dada.*

v9_0_0_2015_11_30/uncompress_dada.cgi

v9_4_1-stable_2016_06_22.*

v9_4_1-stable_2016_06_22.2