mailman: cross-site request forgery
| Package(s): | mailman |
CVE #(s): | CVE-2016-7123
|
| Created: | November 2, 2016 |
Updated: | November 2, 2016 |
| Description: |
From the Ubuntu advisory:
It was discovered that the Mailman administrative web interface did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could perform administrative
actions. This issue only affected Ubuntu 12.04 LTS. |
| Alerts: |
|
