Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-09-02T14:00:00

Updated: 2024-08-06T01:43:38.450Z

Reserved: 2016-08-19T00:00:00

Link: CVE-2016-6893

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-09-02T14:59:09.283

Modified: 2024-11-21T02:57:02.453

Link: CVE-2016-6893

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-08-19T00:00:00Z

Links: CVE-2016-6893 - Bugzilla