GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-21T00:45:13

Updated: 2024-08-04T03:22:25.926Z

Reserved: 2021-10-07T00:00:00

Link: CVE-2021-42097

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-21T01:15:06.940

Modified: 2024-11-21T06:27:15.187

Link: CVE-2021-42097

cve-icon Redhat

Severity : Important

Publid Date: 2021-10-21T00:00:00Z

Links: CVE-2021-42097 - Bugzilla