Your submission was sent successfully! Close

CVE-2016-7123

Published: 2 September 2016

Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
mailman
Launchpad, Ubuntu, Debian
precise
Released (1:2.1.14-3ubuntu0.4)
trusty Does not exist
(trusty was not-affected [1:2.1.16-2ubuntu0.1])
upstream
Released (2.1.15-1)
xenial Not vulnerable

yakkety Not vulnerable