Potential CSRF attack via the user options page.
Bug #1947640 reported by Mark Sapiro
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GNU Mailman | Fix Released | Medium | Mark Sapiro |
Bug Description
A valid `csrf_token` generated for one user session can be considered valid for another user session. This allows an attacker to generate a token that they can trick another user, with an active session, into sending to the server, executing the commands specified by the attacker while authenticated as the victim. Theoretically, this could allow account takeover.
Thanks to Andre Protas, Richard Cloke and Andy Nuttall of Apple for reporting these and helping with the development of a fix.
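As an added illustration of the flaw described above and of its fix (example code, not Mailman's own): a token whose MAC covers only a timestamp verifies in any session, whereas one whose MAC also covers the user it was issued for is rejected when a different user's session submits it. The function names, the `SERVER_SECRET` constant and the `<timestamp>:<mac>` wire format are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Constructed for this example: a per-process signing key. A real deployment
# loads a persistent secret from its configuration instead.
SERVER_SECRET = secrets.token_bytes(32)
MAX_TOKEN_AGE = 3600  # seconds a token stays usable


def _sign(message: str, secret: bytes) -> str:
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def _parse(token: str) -> Optional[Tuple[int, str]]:
    # Assumed wire format is "<timestamp>:<hex mac>"; anything else is rejected.
    try:
        ts, mac = token.split(":", 1)
        return int(ts), mac
    except ValueError:
        return None


def _check(message_for, token, now, secret):
    now = int(time.time()) if now is None else now
    parsed = _parse(token)
    if parsed is None or not 0 <= now - parsed[0] <= MAX_TOKEN_AGE:
        return False  # malformed, expired, or dated in the future
    expected = _sign(message_for(parsed[0]), secret)
    return hmac.compare_digest(expected.encode(), parsed[1].encode())


# Flawed scheme: the MAC covers only a timestamp, so the token is not tied to
# any user. One minted in the attacker's own session verifies in the victim's.
def make_weak_token(now=None, secret=SERVER_SECRET):
    ts = int(time.time()) if now is None else now
    return f"{ts}:{_sign(str(ts), secret)}"


def weak_token_valid(token, now=None, secret=SERVER_SECRET):
    return _check(lambda ts: str(ts), token, now, secret)


# Fixed scheme: the MAC also covers the identity of the session the token was
# issued for, and verification recomputes it with the user who actually
# submitted the form, so a token minted for anyone else is rejected.
def make_csrf_token(user, now=None, secret=SERVER_SECRET):
    ts = int(time.time()) if now is None else now
    return f"{ts}:{_sign(f'{user}:{ts}', secret)}"


def csrf_token_valid(user, token, now=None, secret=SERVER_SECRET):
    return _check(lambda ts: f"{user}:{ts}", token, now, secret)
```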
information type: Private Security → Public Security
Changed in mailman:
status: In Progress → Fix Released