CSRF protection needs to be extended to the user options page
Bug #1614841 reported by
Mark Sapiro
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Medium
|
Mark Sapiro |
Bug Description
There is a possibility of a CSRF attack via the user options page which could allow an attacker to discover a user's password. Reported by Nishant Agarwala.
Related branches
description: | updated |
Changed in mailman: | |
status: | In Progress → Fix Released |
To post a comment you must log in.
CVE-2016-6893 has been assigned for this issue.