Security Advisory

CVE-2021-42097

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-21 00:45:13

Last updated 2024-08-04 03:22:25

Assigner mitre

State PUBLISHED

Description

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).

← Browse all CVEs View on cve.org ↗