Potential CSRF attack via the user options page.

Bug #1947640 reported by Mark Sapiro
This bug affects 1 person
Affects: GNU Mailman
Status: Fix Released
Assigned to: Mark Sapiro

Bug Description

A valid `csrf_token` generated for one user session can be considered valid for another user session. This allows an attacker to generate a token which they can engineer another user, with an active session, to send to the server to execute the commands specified by the attacker whilst authenticated as the victim. Theoretically this could allow account takeover.
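The defect described above is a token that proves only "this was issued by the server", not "this was issued for the user who is now submitting it". The following added example (written for this page, not Mailman's own code; the helper names, the constructed secret and the `user:timestamp` layout are assumptions) places an unbound token beside one bound to the user identity with an HMAC, so that a token minted in one session is rejected when presented from another.

```python
import hashlib
import hmac
import time

# Constructed per-site secret for the demo; a real deployment keeps this out of source.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"
MAX_AGE_SECONDS = 3600


def _mac(secret: bytes, message: str) -> str:
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def _now(now):
    return int(time.time() if now is None else now)


# --- Weak form: token depends only on the server secret and a timestamp. ---
# Any holder of a fresh token can present it in any session, which is the
# cross-session acceptance the bug report describes.
def make_unbound_token(secret: bytes = SECRET_KEY, now=None) -> str:
    ts = _now(now)
    return f"{ts}:{_mac(secret, str(ts))}"


def verify_unbound_token(token: str, secret: bytes = SECRET_KEY, now=None) -> bool:
    try:
        ts_str, mac = token.split(":", 1)
        ts = int(ts_str)
    except ValueError:
        return False
    if _now(now) - ts > MAX_AGE_SECONDS:
        return False
    return hmac.compare_digest(mac, _mac(secret, str(ts)))


# --- Hardened form: the MAC covers the identity of the session that will spend it. ---
# The verifier recomputes the MAC with the *current* session's user, so a token
# minted for attacker@ can never validate inside alice@'s session.
def make_bound_token(user: str, secret: bytes = SECRET_KEY, now=None) -> str:
    ts = _now(now)
    return f"{ts}:{_mac(secret, f'{user}:{ts}')}"


def verify_bound_token(token: str, user: str, secret: bytes = SECRET_KEY, now=None) -> bool:
    try:
        ts_str, mac = token.split(":", 1)
        ts = int(ts_str)
    except ValueError:
        return False          # malformed token
    cur = _now(now)
    if cur - ts > MAX_AGE_SECONDS or ts > cur + 60:
        return False          # expired, or timestamp from the future
    expected = _mac(secret, f"{user}:{ts}")
    return hmac.compare_digest(mac, expected)   # constant-time comparison


if __name__ == "__main__":
    victim, other = "alice@example.com", "mallory@example.com"
    t0 = 1_700_000_000
    foreign = make_unbound_token(now=t0)
    print("unbound token from another session accepted:", verify_unbound_token(foreign, now=t0 + 5))
    foreign_bound = make_bound_token(other, now=t0)
    print("bound token from another session accepted:", verify_bound_token(foreign_bound, victim, now=t0 + 5))
    own = make_bound_token(victim, now=t0)
    print("own bound token accepted:", verify_bound_token(own, victim, now=t0 + 5))
```

The user string passed to `verify_bound_token` must come from the server-side session, never from the submitted form, otherwise the binding is decided by the same party who supplied the token. Expiry is checked before the MAC so that replayed old tokens fail regardless of who they were minted for.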

Thanks to Andre Protas, Richard Cloke and Andy Nuttall of Apple for reporting these and helping with the development of a fix.

Mark Sapiro (msapiro)
information type: Private Security → Public Security
Changed in mailman:
status: In Progress → Fix Released
