CVE-2016-6893
Summary
| CVE | CVE-2016-6893 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-09-02 14:59:00 UTC |
| Updated | 2017-08-13 01:29:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Mailman | 2.1 | All | All | All |
| Application | Gnu | Mailman | 2.1.1 | All | All | All |
| Application | Gnu | Mailman | 2.1.10 | All | All | All |
| Application | Gnu | Mailman | 2.1.10 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.10b1 | All | All | All |
| Application | Gnu | Mailman | 2.1.10b3 | All | All | All |
| Application | Gnu | Mailman | 2.1.10b4 | All | All | All |
| Application | Gnu | Mailman | 2.1.11 | All | All | All |
| Application | Gnu | Mailman | 2.1.11 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.11 | rc2 | All | All |
| Application | Gnu | Mailman | 2.1.12 | All | All | All |
| Application | Gnu | Mailman | 2.1.12 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.12 | rc2 | All | All |
| Application | Gnu | Mailman | 2.1.13 | All | All | All |
| Application | Gnu | Mailman | 2.1.13 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.14 | All | All | All |
| Application | Gnu | Mailman | 2.1.14 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.14-1 | All | All | All |
| Application | Gnu | Mailman | 2.1.15 | All | All | All |
| Application | Gnu | Mailman | 2.1.15 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.16 | All | All | All |
| Application | Gnu | Mailman | 2.1.16 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.16 | rc2 | All | All |
| Application | Gnu | Mailman | 2.1.16 | rc3 | All | All |
| Application | Gnu | Mailman | 2.1.17 | All | All | All |
| Application | Gnu | Mailman | 2.1.18 | All | All | All |
| Application | Gnu | Mailman | 2.1.18 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.18 | rc2 | All | All |
| Application | Gnu | Mailman | 2.1.18 | rc3 | All | All |
| Application | Gnu | Mailman | 2.1.18-1 | All | All | All |
| Application | Gnu | Mailman | 2.1.19 | All | All | All |
| Application | Gnu | Mailman | 2.1.19 | rc1 | All | All |
| Application | Gnu | Mailman | 2.1.19 | rc2 | All | All |
| Application | Gnu | Mailman | 2.1.19 | rc3 | All | All |
| Application | Gnu | Mailman | 2.1.2 | All | All | All |
| Application | Gnu | Mailman | 2.1.20 | All | All | All |
| Application | Gnu | Mailman | 2.1.21 | All | All | All |
| Application | Gnu | Mailman | 2.1.21 | rc2 | All | All |
| Application | Gnu | Mailman | 2.1.22 | All | All | All |
| Application | Gnu | Mailman | 2.1.23 | All | All | All |
| Application | Gnu | Mailman | 2.1.3 | All | All | All |
| Application | Gnu | Mailman | 2.1.4 | All | All | All |
| Application | Gnu | Mailman | 2.1.5 | All | All | All |
| Application | Gnu | Mailman | 2.1.6 | All | All | All |
| Application | Gnu | Mailman | 2.1.8 | All | All | All |
| Application | Gnu | Mailman | 2.1.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mailman Access Control Flaw in User Options Page Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Bug #1614841 “CSRF protection needs to be extended to the user o...” : Bugs : GNU Mailman | CONFIRM | bugs.launchpad.net | Issue Tracking |
| Debian -- Security Information -- DSA-3668-1 mailman | DEBIAN | www.debian.org | |
| GNU Mailman CVE-2016-6893 Cross Site Request Forgery Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159545 Oracle Enterprise Linux Security Update for mailman (ELSA-2021-4913)
- 239928 Red Hat Update for mailman (RHSA-2021:4913)
- 257134 CentOS Security Update for mailman (CESA-2021:4913)
- 353123 Amazon Linux Security Advisory for mailman : ALAS2-2022-1740
- 377175 Alibaba Cloud Linux Security Update for mailman (ALINUX2-SA-2021:0069)
- 671247 EulerOS Security Update for mailman (EulerOS-SA-2022-1177)
- 671336 EulerOS Security Update for mailman (EulerOS-SA-2022-1277)