CVE-2016-6893

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
gnumailman
2.1
gnumailman
2.1.1
gnumailman
2.1.2
gnumailman
2.1.3
gnumailman
2.1.4
gnumailman
2.1.5
gnumailman
2.1.6
gnumailman
2.1.8
gnumailman
2.1.9
gnumailman
2.1.10
gnumailman
2.1.10:rc1
gnumailman
2.1.10b1:b1
gnumailman
2.1.10b3:b3
gnumailman
2.1.10b4:b4
gnumailman
2.1.11
gnumailman
2.1.11:rc1
gnumailman
2.1.11:rc2
gnumailman
2.1.12
gnumailman
2.1.12:rc1
gnumailman
2.1.12:rc2
gnumailman
2.1.13
gnumailman
2.1.13:rc1
gnumailman
2.1.14
gnumailman
2.1.14:rc1
gnumailman
2.1.14-1
gnumailman
2.1.15
gnumailman
2.1.15:rc1
gnumailman
2.1.16
gnumailman
2.1.16:rc1
gnumailman
2.1.16:rc2
gnumailman
2.1.16:rc3
gnumailman
2.1.17
gnumailman
2.1.18
gnumailman
2.1.18:rc1
gnumailman
2.1.18:rc2
gnumailman
2.1.18:rc3
gnumailman
2.1.18-1
gnumailman
2.1.19
gnumailman
2.1.19:rc1
gnumailman
2.1.19:rc2
gnumailman
2.1.19:rc3
gnumailman
2.1.20
gnumailman
2.1.21
gnumailman
2.1.21:rc2
gnumailman
2.1.22
gnumailman
2.1.23
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mailman
yakkety
Fixed 1:2.1.22-1ubuntu0.1
released
xenial
Fixed 1:2.1.20-1ubuntu0.1
released
trusty
Fixed 1:2.1.16-2ubuntu0.2
released
precise
Fixed 1:2.1.14-3ubuntu0.4
released
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3668
http://www.securityfocus.com/bid/92731
http://www.securitytracker.com/id/1036728
https://bugs.launchpad.net/bugs/1614841
http://www.debian.org/security/2016/dsa-3668
http://www.securityfocus.com/bid/92731
http://www.securitytracker.com/id/1036728
https://bugs.launchpad.net/bugs/1614841