FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page

Affected packages
mailman < 2.1.38
mailman-exim4 < 2.1.38
mailman-exim4-with-htdig < 2.1.38
mailman-postfix < 2.1.38
mailman-postfix-with-htdig < 2.1.38
mailman-with-htdig < 2.1.38

Details

VuXML ID: 0d6efbe3-52d9-11ec-9472-e3667ed6088e
Discovery: 2021-11-25
Entry: 2021-12-01

Mark Sapiro reports:

A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page.

References

CVE Name: CVE-2021-44227
URL: https://bugs.launchpad.net/mailman/+bug/1952384
URL: https://www.mail-archive.com/mailman-users@python.org/msg73979.html