CVE-2016-6893

Priority
Description
Cross-site request forgery (CSRF) vulnerability in the user options page in
GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the
authentication of arbitrary users for requests that modify an option, as
demonstrated by gaining access to the credentials of a victim's account.
Assigned-to
mdeslaur
Notes
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [1:2.1.16-2ubuntu0.2])
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.1.20-1ubuntu0.1)
Patches:
Upstream: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668
Upstream: https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
More Information

Updated: 2020-09-10 05:31:44 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)