Cross-Site Request Forgery in GNU Mailman Administration Interface
CVE-2016-7123

8.8HIGH

Key Information:

Vendor
Gnu
Status
Mailman
Vendor
CVE Published:
2 September 2016

Summary

A security flaw in the admin web interface of GNU Mailman prior to version 2.1.15 allows remote attackers to exploit cross-site request forgery (CSRF) vulnerabilities. This can enable unauthorized users to hijack the authentication of administrators, potentially leading to malicious activities within the system. Organizations using affected versions should implement necessary updates and security practices to mitigate these risks.

References

http://www.securitytracker.com/id/1037160
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/92732
vdb-entryx_refsource_BID
https://bugs.launchpad.net/bugs/1614841
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.