CVE-2016-6893

CWE-352Cross-Site Request Forgery (CSRF)9 documents7 sources
Severity
8.8HIGH
EPSS
0.3%
top 43.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Mailman
Timeline
PublishedSep 2
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

Ubuntumailman< 1:2.1.16-2ubuntu0.2+1
NVDgnu/mailman28 versions+27

🔴Vulnerability Details

4
GHSA
GHSA-46p3-9vjv-gq2w: Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 22022-05-17
OSV
mailman vulnerabilities2016-11-01
CVEList
CVE-2016-6893: Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 22016-09-02
OSV
CVE-2016-6893: Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 22016-09-02

📋Vendor Advisories

2
Ubuntu
Mailman vulnerabilities2016-11-01
Red Hat
mailman: CSRF protection missing in the user options page2016-08-19

💬Community

2
Bugzilla
CVE-2016-6893 mailman: CSRF protection missing in the user options page [fedora-all]2016-08-25
Bugzilla
CVE-2016-6893 mailman: CSRF protection missing in the user options page2016-08-25
CVE-2016-6893 (HIGH CVSS 8.8) | Cross-site request forgery (CSRF) v | cvebase.io