Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
Vulnerabilidad de CSRF en la interfaz web administrativa en GNU Mailman en versiones anteriores a 2.1.15 permite a atacantes remotos secuestrar la autenticación de administradores.
It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. Various other issues were also addressed.
