Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Mailman | 2.1 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2016/dsa-3668
- http://www.securityfocus.com/bid/92731
- http://www.securitytracker.com/id/1036728
- https://bugs.launchpad.net/bugs/1614841Issue Tracking
- http://www.debian.org/security/2016/dsa-3668
- http://www.securityfocus.com/bid/92731
- http://www.securitytracker.com/id/1036728
- https://bugs.launchpad.net/bugs/1614841Issue Tracking
FAQ
What is CVE-2016-6893?
CVE-2016-6893 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that mo...
How severe is CVE-2016-6893?
CVE-2016-6893 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6893?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Mailman.