Описание
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.1.26-1ubuntu0.4 |
| esm-apps/focal | released | 1:2.1.29-1ubuntu3.1 |
| esm-infra/bionic | not-affected | 1:2.1.26-1ubuntu0.4 |
| esm-infra/xenial | released | 1:2.1.20-1ubuntu0.6+esm1 |
| focal | released | 1:2.1.29-1ubuntu3.1 |
| upstream | released | 2.1.35 |
Показывать по
Ссылки на источники
8.5 High
CVSS2
8 High
CVSS3
Связанные уязвимости
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
8.5 High
CVSS2
8 High
CVSS3