FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page

Affected packages
		mailman	<	2.1.38
		mailman-exim4	<	2.1.38
		mailman-exim4-with-htdig	<	2.1.38
		mailman-postfix	<	2.1.38
		mailman-postfix-with-htdig	<	2.1.38
		mailman-with-htdig	<	2.1.38

Details

VuXML ID	0d6efbe3-52d9-11ec-9472-e3667ed6088e
Discovery	2021-11-25
Entry	2021-12-01

Mark Sapiro reports:

A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page.

[source]

References

CVE Name	CVE-2021-44227
URL	https://bugs.launchpad.net/mailman/+bug/1952384
URL	https://www.mail-archive.com/mailman-users@python.org/msg73979.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.