CVE-2016-6893

Priority
Description
Cross-site request forgery (CSRF) vulnerability in the user options page in
GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the
authentication of arbitrary users for requests that modify an option, as
demonstrated by gaining access to the credentials of a victim's account.
Assigned-to
mdeslaur
Notes
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [1:2.1.16-2ubuntu0.2])
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.1.20-1ubuntu0.1)
Patches:
Upstream: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668
Upstream: https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
More Information

Updated: 2019-12-05 18:46:02 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)