Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x prior to 2.1.23 allows remote malicious users to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu mailman 2.1.3 |
||
gnu mailman 2.1.4 |
||
gnu mailman 2.1.10b3 |
||
gnu mailman 2.1.10b4 |
||
gnu mailman 2.1.10 |
||
gnu mailman 2.1.13 |
||
gnu mailman 2.1.16 |
||
gnu mailman 2.1.18 |
||
gnu mailman 2.1.19 |
||
gnu mailman 2.1.23 |
||
gnu mailman 2.1 |
||
gnu mailman 2.1.1 |
||
gnu mailman 2.1.2 |
||
gnu mailman 2.1.10b1 |
||
gnu mailman 2.1.12 |
||
gnu mailman 2.1.15 |
||
gnu mailman 2.1.21 |
||
gnu mailman 2.1.22 |
||
gnu mailman 2.1.8 |
||
gnu mailman 2.1.9 |
||
gnu mailman 2.1.11 |
||
gnu mailman 2.1.14 |
||
gnu mailman 2.1.18-1 |
||
gnu mailman 2.1.20 |
||
gnu mailman 2.1.5 |
||
gnu mailman 2.1.6 |
||
gnu mailman 2.1.14-1 |
||
gnu mailman 2.1.17 |