CVE-2016-6893

8.8HIGH

Key Information:

Vendor
Gnu
Status
Mailman
Vendor
CVE Published:
2 September 2016

Summary

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

References

http://www.debian.org/security/2016/dsa-3668
vendor-advisoryx_refsource_DEBIAN
https://bugs.launchpad.net/bugs/1614841
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92731
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.