*** This bug is a security vulnerability ***
Private security bug reported:
A valid `csrf_token` generated for one user session can be considered
valid for another user session. This allows an attacker to generate a
token which they can engineer another user, with an active session, to
send to the server to execute the commands specified by the attacker
whilst authenticated as the victim. Theoretically this could allow
account takeover.
Thanks to Andre Protas, Richard Cloke and Andy Nuttall of Apple for
reporting these and helping with the development of a fix.
** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42097
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1947640
Title:
Potential CSRF attack via the user options page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1947640/+subscriptions
_______________________________________________
Mailman-coders mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/mailman-coders.python.org/
Member address: [email protected]
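The report above describes a CSRF token whose validity is not tied to the session it was issued for. The following is an added example, written for this page and not taken from Mailman or from the fix referenced by the CVE: it contrasts a generic token scheme that signs only the list name and expiry with one that also binds the signed message to the authenticated user, and replays the cross-session scenario against both. All names (`mint_unbound`, `verify_bound`, the `list:expires:nonce:mac` layout, the addresses) and the in-process `SERVER_SECRET` are this example's own assumptions.

```python
"""Added example: CSRF tokens with and without binding to the session user.

Generic illustration of the bug class in the report, not Mailman's code.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Per-installation secret. A real deployment loads this from persistent
# configuration; it is generated in-process here only so the example runs offline.
SERVER_SECRET = secrets.token_bytes(32)


def _sign(secret: bytes, message: str) -> str:
    """HMAC-SHA256 over the message, hex encoded."""
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()


def _split(token: str):
    """Split 'list:expires:nonce:mac' from the right so a list name may contain ':'."""
    parts = token.rsplit(":", 3)
    return parts if len(parts) == 4 else None


def mint_unbound(secret: bytes, list_name: str, expires_at: int) -> str:
    """Vulnerable pattern: the signed message names the list and an expiry,
    but nothing about which user's session the token was issued to."""
    body = f"{list_name}:{expires_at}:{secrets.token_hex(8)}"
    return f"{body}:{_sign(secret, body)}"


def verify_unbound(secret: bytes, token: str, list_name: str, now: int) -> bool:
    parts = _split(token)
    if parts is None:
        return False
    tok_list, expires_at, nonce, mac = parts
    body = f"{tok_list}:{expires_at}:{nonce}"
    if not hmac.compare_digest(mac, _sign(secret, body)):
        return False
    # Genuine and unexpired, so it is accepted: the verifier has no way to tell
    # that the token was minted inside a different user's session.
    return tok_list == list_name and int(expires_at) > now


def mint_bound(secret: bytes, list_name: str, user: str, expires_at: int) -> str:
    """Hardened pattern: the user identity is part of the signed message. The
    user is not carried in the token itself; the verifier re-derives it from
    the server-side session, so there is nothing for the client to tamper with."""
    body = f"{list_name}:{expires_at}:{secrets.token_hex(8)}"
    return f"{body}:{_sign(secret, f'{user}|{body}')}"


def verify_bound(secret: bytes, token: str, list_name: str,
                 session_user: str, now: int) -> bool:
    """session_user must come from the authenticated session cookie, never from
    a request parameter: if the client could name the user, an attacker would
    simply name themselves alongside their own token."""
    parts = _split(token)
    if parts is None:
        return False
    tok_list, expires_at, nonce, mac = parts
    body = f"{tok_list}:{expires_at}:{nonce}"
    if not hmac.compare_digest(mac, _sign(secret, f"{session_user}|{body}")):
        return False
    return tok_list == list_name and int(expires_at) > now


def demo(now: Optional[int] = None) -> dict:
    """Replay the scenario from the report against both schemes; every entry is True."""
    now = int(time.time()) if now is None else now
    expires_at = now + 3600
    list_name = "announce"
    attacker, victim = "attacker@example.invalid", "victim@example.invalid"

    # The attacker mints tokens inside their own session...
    loose = mint_unbound(SERVER_SECRET, list_name, expires_at)
    tight = mint_bound(SERVER_SECRET, list_name, attacker, expires_at)
    # ...plus a token with one MAC hex digit altered, for the tamper check.
    forged = tight[:-1] + ("0" if tight[-1] != "0" else "1")

    return {
        # ...and the victim's browser submits them. The unbound token is accepted.
        "unbound_accepted_in_victim_session": verify_unbound(SERVER_SECRET, loose, list_name, now),
        # The bound token fails: its MAC covers the attacker's identity but is
        # checked against the identity in the victim's session.
        "bound_rejected_in_victim_session": not verify_bound(SERVER_SECRET, tight, list_name, victim, now),
        "bound_accepted_in_own_session": verify_bound(SERVER_SECRET, tight, list_name, attacker, now),
        "bound_rejected_when_expired": not verify_bound(SERVER_SECRET, tight, list_name, attacker, expires_at),
        "bound_rejected_when_forged": not verify_bound(SERVER_SECRET, forged, list_name, attacker, now),
        "bound_rejected_for_other_list": not verify_bound(SERVER_SECRET, tight, "other", attacker, now),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{'PASS' if ok else 'FAIL'} {check}")
```

The point of the bound variant is that the identity never travels with the token: the verifier mixes in whatever user the server-side session says is logged in, so a token minted in the attacker's session cannot verify in the victim's, whichever form field or URL the attacker manages to plant it in.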