Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-6893

Опубликовано: 02 сент. 2016
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.10:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.10b1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.10b3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.10b4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.12:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.12:rc2:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.14:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.14-1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.15:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.16:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.16:rc2:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.16:rc3:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.18:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.18:rc2:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.18:rc3:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.18-1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.19:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.19:rc1:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.19:rc2:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.19:rc3:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.21:rc2:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:mailman:2.1.23:*:*:*:*:*:*:*

EPSS

Процентиль: 44%
0.00211
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

ubuntu логотип

CVE-2016-6893

CVSS3: 8.8
ubuntu
почти 9 лет назад

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

redhat логотип

CVE-2016-6893

CVSS3: 6.5
redhat
почти 9 лет назад

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

debian логотип

CVE-2016-6893

CVSS3: 8.8
debian
почти 9 лет назад

Cross-site request forgery (CSRF) vulnerability in the user options pa ...

suse-cvrf логотип

SUSE-SU-2019:14068-1

suse-cvrf
около 6 лет назад

Security update for mailman

suse-cvrf логотип

SUSE-SU-2018:1638-1

suse-cvrf
около 7 лет назад

Security update for mailman

EPSS

Процентиль: 44%
0.00211
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352