Описание
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
A Cross-Site Request Forgery (CSRF) attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right user and a token created by one user can be used by another one to perform a request, effectively bypassing the protection provided by CSRF tokens. A remote attacker with an account on the mailman system can use this flaw to perform a CSRF attack and perform operations on behalf of the victim user.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mailman | Out of support scope | ||
| Red Hat Enterprise Linux 7 | mailman | Fixed | RHSA-2021:4913 | 02.12.2021 |
| Red Hat Enterprise Linux 8 | mailman | Fixed | RHSA-2021:4826 | 23.11.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | mailman | Fixed | RHSA-2021:4838 | 24.11.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | mailman | Fixed | RHSA-2021:4837 | 24.11.2021 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | mailman | Fixed | RHSA-2021:4839 | 24.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
8 High
CVSS3
Связанные уязвимости
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
EPSS
8 High
CVSS3