USN-5180-1: Mailman vulnerability
7 December 2021
A system hardening measure could be bypassed.
- mailman - Web-based mailing list manager
It was discovered that Mailman incorrectly handled CSRF tokens. A remote
list member or moderator could possibly use their own token to craft an
admin request CSRF attack and set a new admin password or make other