GNU Mailman before 2.1.35 may allow remote privilege escalation. The csrf_token value is not bound to a single user account: an attacker can obtain a token in the context of an unprivileged user account and then use that same value in a CSRF attack against an admin (e.g., for account takeover).
The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
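The token-binding flaw described above, modelled as an added example (this is not Mailman's own code): an HMAC-based CSRF token that commits only to the list name and issue time, beside a hardened variant that also commits to the requesting principal. The server secret, list name, account names and the `|`-separated token layout are constructed for the illustration; `replay_scenario` plays the attack through both checks.

```python
"""Model of a CSRF token that is not bound to the requesting user, beside a
version that is. Illustrative code; names and token layout are constructed
for this example and do not reproduce Mailman's implementation."""
import hashlib
import hmac

# Constructed server-side secret; a real deployment derives its own.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
MAX_AGE = 3600  # seconds a token stays valid


def _mac(payload: str) -> str:
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_unbound(listname: str, issued: int) -> str:
    """Vulnerable pattern: the token commits to the list and issue time only.
    Any authenticated user of the list receives a token that every form on
    that list, including the admin pages, will accept."""
    payload = f"{listname}|{issued}"
    return f"{payload}|{_mac(payload)}"


def verify_unbound(token: str, listname: str, now: int) -> bool:
    try:
        tok_list, issued_s, mac = token.split("|")
        issued = int(issued_s)
    except ValueError:
        return False
    if tok_list != listname or not 0 <= now - issued <= MAX_AGE:
        return False
    return hmac.compare_digest(mac, _mac(f"{tok_list}|{issued}"))


def issue_bound(listname: str, principal: str, issued: int) -> str:
    """Hardened pattern: the token also commits to the identity or role that
    requested it, so a token minted for one principal is useless to another.
    (Principals must not contain the '|' separator in this toy layout.)"""
    payload = f"{listname}|{principal}|{issued}"
    return f"{payload}|{_mac(payload)}"


def verify_bound(token: str, listname: str, principal: str, now: int) -> bool:
    try:
        tok_list, tok_principal, issued_s, mac = token.split("|")
        issued = int(issued_s)
    except ValueError:
        return False
    if tok_list != listname or tok_principal != principal:
        return False
    if not 0 <= now - issued <= MAX_AGE:
        return False
    return hmac.compare_digest(mac, _mac(f"{tok_list}|{tok_principal}|{issued}"))


def replay_scenario(now: int = 1_700_000_000) -> dict:
    """Attacker holds an unprivileged subscriber account, obtains a fresh token
    in that context, and embeds it in a forged admin request that the admin's
    browser submits. Constructed list and account names."""
    listname = "announce"
    attacker = "user:mallory@example.org"
    admin = "admin"

    # Unbound scheme: the admin form checks only list + freshness, so the
    # attacker's token is accepted on the admin page. This is the flaw.
    attacker_token = issue_unbound(listname, now - 60)
    unbound_accepted = verify_unbound(attacker_token, listname, now)

    # Bound scheme: same replay, but the token names the attacker's principal
    # and the admin form demands the admin principal, so it is rejected.
    attacker_token_bound = issue_bound(listname, attacker, now - 60)
    bound_rejected = not verify_bound(attacker_token_bound, listname, admin, now)

    # The admin's own token still works, so legitimate use is unaffected.
    admin_ok = verify_bound(issue_bound(listname, admin, now - 60), listname, admin, now)

    return {
        "unbound_accepted": unbound_accepted,
        "bound_rejected": bound_rejected,
        "admin_ok": admin_ok,
    }


if __name__ == "__main__":
    for name, value in replay_scenario().items():
        print(f"{name}: {value}")
```

Binding the token to the principal is what defeats the cross-account replay; the MAC over the whole payload is what stops the attacker from simply editing the principal field of their own token to read `admin`.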
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mailman | Gnu | * | 2.1.35 (excluding) |
Red Hat Enterprise Linux 7 | RedHat | mailman-3:2.1.15-30.el7_9.2 | * |
Red Hat Enterprise Linux 8 | RedHat | mailman:2.1-8050020211109091611.aa3ced04 | * |
Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | mailman:2.1-8010020211110115755.656b880e | * |
Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | mailman:2.1-8020020211110111201.c3a0935b | * |
Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | mailman:2.1-8040020211109094506.70584597 | * |
Mailman | Ubuntu | bionic | * |
Mailman | Ubuntu | esm-apps/focal | * |
Mailman | Ubuntu | esm-infra/bionic | * |
Mailman | Ubuntu | esm-infra/xenial | * |
Mailman | Ubuntu | focal | * |
Mailman | Ubuntu | upstream | * |