vulnerability

FreeBSD: VID-b11ab01b-6e19-11e6-ab24-080027ef73ec (CVE-2016-6893): mailman -- CSRF protection enhancements

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Aug 29, 2016	Dec 10, 2025	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Aug 29, 2016

Added

Dec 10, 2025

Modified

Dec 10, 2025

Description

Mark Sapiro reports: CSRF protection has been extended to the user options page. This was actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and intended for Mailman 2.1.15, but that fix wasn't completely merged at the time. The full fix also addresses the admindb, and edithtml pages as well as the user options page and the previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue.

Solution

freebsd-upgrade-package-mailman

References

CVE-2016-6893
https://attackerkb.com/topics/CVE-2016-6893
CWE-352

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today