CVE-2021-44227: Bug #1952384 “A CSRF vulnerability could allow a list moderator ...” : Bugs : GNU Mailman
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
A CSRF vulnerability could allow a list moderator or list member to access the admin UI
Bug #1952384 reported by Mark Sapiro on 2021-11-26
Affects: GNU Mailman
Status: Fix Released
Importance: Medium
Assigned to: Mark Sapiro
Milestone: GNU Mailman 2.1.38
Bug Description
A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page.
A moderator or list member can get an admindb or options page with a CSRF token and use that token in a crafted POST request to the admin page to change the list admin password or other settings, and convince an admin to submit the POST.
Likewise, a list member can do the same with a POST to the admindb page to handle requests.
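The root cause described above is that a CSRF token minted on one page (admindb or options) for a lower-privileged user is accepted by a different, more privileged page (admin). The following is an added illustration, not Mailman's own code, of one mitigation: binding the token to the issuing page and the requester's role with an HMAC so that a token from the admindb page is rejected by the admin page. The secret, user names and page names are constructed for the demo.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo secret; a real deployment loads a per-site secret from config.
SECRET = b"constructed-demo-secret"


def _message(user: str, role: str, page: str, ts: str) -> bytes:
    """Canonical bytes that the MAC covers: who, in what role, on which page, when."""
    return ".".join([user, role, page, ts]).encode()


def issue_token(user: str, role: str, page: str, now: Optional[int] = None) -> str:
    """Mint a CSRF token bound to the user, their role and the page that issued it."""
    ts = str(now if now is not None else int(time.time()))
    mac = hmac.new(SECRET, _message(user, role, page, ts), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def verify_token(token: str, user: str, role: str, page: str,
                 max_age: int = 3600, now: Optional[int] = None) -> bool:
    """Accept the token only if it was minted for this user, role AND page, and is fresh.

    A token issued on the 'admindb' page to a moderator therefore fails when
    presented to the 'admin' page, even though it is otherwise valid.
    """
    try:
        ts, mac = token.split(":", 1)
    except ValueError:
        return False
    if not ts.isdigit():
        return False
    current = now if now is not None else int(time.time())
    if current - int(ts) > max_age:
        return False
    expected = hmac.new(SECRET, _message(user, role, page, ts), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    # Constructed scenario: a moderator obtains a token on the admindb page.
    tok = issue_token("moderator@example.org", "moderator", "admindb", now=1000)
    print("admindb page accepts:", verify_token(tok, "moderator@example.org", "moderator", "admindb", now=1000))
    print("admin page accepts:  ", verify_token(tok, "moderator@example.org", "moderator", "admin", now=1000))
```

The same check rejects a token replayed under a different role or after `max_age` seconds, so the page and role binding has to hold on every state-changing endpoint, not just the one that issued the token.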