Description

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

Remediation

References

CVE-2016-6893

Related Vulnerabilities

MySQL CVE-2024-21213 Vulnerability (CVE-2024-21213)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Request Forgery (3.0.8)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-25703)

WordPress Plugin Quick Event Manager Multiple Vulnerabilities (9.7.4)

Ruby Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-31799)

Severity

High

Classification

CVE-2016-6893 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities