Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44227 | 1 Gnu | 1 Mailman | 2022-06-09 | 6.8 MEDIUM | 8.8 HIGH |
| In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | |||||
| CVE-2021-42097 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2021-11-05 | 8.5 HIGH | 8.0 HIGH |
| GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). | |||||
| CVE-2016-6893 | 1 Gnu | 1 Mailman | 2017-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | |||||
| CVE-2016-7123 | 1 Gnu | 1 Mailman | 2017-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. | |||||