CVE-2021-44227: Bug #1952384 “A CSRF vulnerability could allow a list moderator ...” : Bugs : GNU Mailman
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
A CSRF vulnerability could allow a list moderator or list member to access the admin UI
Bug #1952384 reported by Mark Sapiro on 2021-11-26
Affects:
GNU Mailman
Status:
Fix Released
Importance:
Medium
Assigned to:
Mark Sapiro
Milestone:
GNU Mailman 2.1.38
Affecting:
GNU Mailman
Filed here by:
Mark Sapiro
When:
2021-11-26
Confirmed:
2021-11-26
Assigned:
2021-11-26
Started work:
2021-11-26
Completed:
2021-11-30
Bug Description
A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page.
A moderator or list member can get an admindb or options page with a CSRF token and use that token in a crafted POST request to the admin page to change the list admin password or other settings and convince an admin to submit the POST.
Likewise, a list member can do the same with a POST to the admindb page to handle requests.
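The token-scoping weakness described above, as an added illustration that is not Mailman's code: a token minted for the options or admindb page is accepted by a check that only verifies authenticity, whatever page receives the POST, while the hardened check also requires the token's context to be at least as privileged as the target page. The function names (mint_token, check_token_weak, check_token), CONTEXT_RANK and the secret are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed example, not Mailman's code: shows why a CSRF token must be
# bound to the privilege context it was issued for.
SECRET = secrets.token_bytes(32)  # stands in for a per-list secret

# Privilege order of the pages: a token minted for a lower rank must never
# authorize a POST to a higher-ranked page.
CONTEXT_RANK = {"options": 0, "admindb": 1, "admin": 2}


def mint_token(list_name, context, secret=SECRET):
    """Issue a CSRF token for one (list, context) pair; the context is
    carried in clear and covered by the MAC."""
    msg = f"{list_name}|{context}".encode()
    return context + ":" + hmac.new(secret, msg, hashlib.sha256).hexdigest()


def check_token_weak(token, list_name, secret=SECRET):
    """Vulnerable pattern: only checks that the token is genuine, so an
    options or admindb token is accepted on the admin page as well."""
    ctx, _, _ = token.partition(":")
    if ctx not in CONTEXT_RANK:
        return False
    expected = mint_token(list_name, ctx, secret)
    return hmac.compare_digest(token, expected)


def check_token(token, list_name, page_context, secret=SECRET):
    """Hardened pattern: the token must be genuine AND minted for a context
    at least as privileged as the page the POST is submitted to."""
    ctx, _, _ = token.partition(":")
    if ctx not in CONTEXT_RANK or page_context not in CONTEXT_RANK:
        return False
    expected = mint_token(list_name, ctx, secret)
    if not hmac.compare_digest(token, expected):
        return False
    return CONTEXT_RANK[ctx] >= CONTEXT_RANK[page_context]


if __name__ == "__main__":
    member_token = mint_token("mylist", "options")  # obtainable by any member
    print("weak check, admin page:", check_token_weak(member_token, "mylist"))
    print("hardened check, admin page:", check_token(member_token, "mylist", "admin"))
```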