PT-2016-2674 · Gnu+2 · Gnu Mailman+2

Published

2016-02-21

Updated

2017-07-29

CVE-2016-7123

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GNU Mailman versions prior to 2.1.15

Description The issue is related to a cross-site request forgery (CSRF) vulnerability in the admin web interface. This vulnerability allows remote attackers to hijack the authentication of administrators.

Recommendations For GNU Mailman versions prior to 2.1.15, update to version 2.1.15 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication measures or restricting access to the admin web interface to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

ALT-PU-2016-1141

BDU:2016-02066

CVE-2016-7123

USN-3118-1

Affected Products

Alt Linux

Gnu Mailman

Ubuntu

PT-2016-2674 · Gnu+2 · Gnu Mailman+2

CVE-2016-7123

Weakness Enumeration

Related Identifiers

Affected Products

References · 13