VYPR
Get started
← All advisories
High severity8.8NVD Advisory· Published Sep 2, 2016· Updated May 6, 2026

CVE-2016-6893

CVE-2016-6893

Description

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

Affected products

46
  • GNU/Mailman46 versions
    cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*+ 45 more
    • cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.10b1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.10b3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.10b4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.10:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.12:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.12:rc2:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.14-1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.14:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.15:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.16:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.16:rc2:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.16:rc3:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.18-1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.18:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.18:rc2:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.18:rc3:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.19:rc1:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.19:rc2:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.19:rc3:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.21:rc2:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.