XSS vulnerability and information leak in user options CGI

Bug #1747209 reported by Mark Sapiro
Affects: GNU Mailman
Status: Fix Released
Importance: High
Assigned to: Mark Sapiro

Bug Description

CVE-2018-5950

A crafted URL for a user options page can cause a browser to execute arbitrary script encoded in the URL.

Also, in developing a fix for this issue it was discovered that a user options URL with a VARHELP query fragment would display the user options page without requiring login. No changes could be made and the settings revealed are not particularly sensitive, but this could be used to fish for membership on a list with a private roster.

Thanks to Calum Hutton for the original report.
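A log check for both issues described above, added here as an example; it is not code from the report or from the Mailman project. It assumes a common-log-format access log and a /mailman/options/<list>/<address> URL layout; the sample lines, the scan function and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

PREFIX = "/mailman/options/"  # assumed URL layout: PREFIX<list>/<address>
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) ')
MARKUP_RE = re.compile(r'[<>"]')  # characters a benign options URL should not carry

# Constructed sample access-log lines (documentation addresses, made-up values).
_TS = "[01/Feb/2018:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_TS} "GET {PREFIX}staff/alice%40example.com?VARHELP=placeholder HTTP/1.1" 200 5120',
    f'192.0.2.10 - - {_TS} "GET {PREFIX}staff/bob%40example.com?VARHELP=placeholder HTTP/1.1" 200 5120',
    f'192.0.2.10 - - {_TS} "GET {PREFIX}staff/carol%40example.com?VARHELP=placeholder HTTP/1.1" 200 5120',
    f'198.51.100.7 - - {_TS} "GET {PREFIX}staff/dave%40example.com?x=%253Cb%253E HTTP/1.1" 200 4096',
    f'198.51.100.8 - - {_TS} "GET {PREFIX}staff/erin%40example.com HTTP/1.1" 200 4096',
]

def scan(lines, probe_threshold=3):
    """Return (markup_hits, probing_clients) for user options requests."""
    markup_hits = []            # (client, raw target) with markup after decoding
    probed = defaultdict(set)   # client -> {(list, address)} requested with VARHELP
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # Decode twice so double-encoded markup is also caught.
        path = unquote(unquote(parts.path))
        query = unquote(unquote(parts.query))
        if not path.startswith(PREFIX):
            continue
        if MARKUP_RE.search(path + "?" + query):
            markup_hits.append((client, target))
        segs = path[len(PREFIX):].split("/")
        if "VARHELP" in query and len(segs) >= 2 and segs[1]:
            probed[client].add((segs[0], segs[1].lower()))
    # One client asking about many different addresses suggests roster probing.
    probing = {c: sorted(v) for c, v in probed.items() if len(v) >= probe_threshold}
    return markup_hits, probing

if __name__ == "__main__":
    hits, probing = scan(SAMPLE_LOG)
    print("markup in options URL:", hits)
    print("VARHELP probing clients:", probing)
```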

Mark Sapiro (msapiro): description: updated
Mark Sapiro (msapiro): information type: Private Security → Public
Mark Sapiro (msapiro): Changed in mailman: status: In Progress → Fix Released