GNU · GNU Mailman · CVE-2016-6893
**Name of the Vulnerable Software and Affected Versions**
GNU Mailman versions 2.1.x through 2.1.22
**Description**
A cross-site request forgery (CSRF) issue in the user options page allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, potentially gaining access to the credentials of a victim's account.
**Recommendations**
For GNU Mailman versions 2.1.x through 2.1.22, update to version 2.1.23 or later to resolve the issue.
As a temporary workaround, consider restricting access to the user options page until the update to version 2.1.23 or later can be applied.