Package mailman updated to version 2.1.23-alt0.1.20160915 for branch sisyphus in task 169886.

Published: 2016-09-02

BDU:2016-02068

Уязвимость системы управления почтовыми рассылками GNU Mailman, позволяющая нарушителю получить доступ к аутентификационным данным произвольных пользователей

Severity: MEDIUM (6.8)

References:

CVE-2016-6893

Published: 2016-09-02
Modified: 2024-11-21

CVE-2016-6893

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

DSA-3668
DSA-3668
92731
92731
1036728
1036728
https://bugs.launchpad.net/bugs/1614841
https://bugs.launchpad.net/bugs/1614841

Version: 2.1.0

Package mailman update in sisyphus on 2016-09-24

ALT-PU-2016-2014-1

Closed vulnerabilities

BDU:2016-02068

CVE-2016-6893