Vulnerability	Vulnerable Version
M Cross-site Request Forgery (CSRF) Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the user options page which allows an attacker to discover a user's password. How to fix Cross-site Request Forgery (CSRF)? Upgrade `mailman` to version 3.0.0b3 or higher.	[,3.0.0b3)
M Timing Attack Affected versions of this package are vulnerable to Timing Attack when checking password validity via the REST API. Note: This is only exploitable if an attacker can directly access the REST API, which is bound to `localhost` by default. How to fix Timing Attack? Upgrade `mailman` to version 3.3.5 or higher.	[,3.3.5)
H Brute Force Affected versions of this package are vulnerable to Brute Force. A certain `csrf_token` value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. How to fix Brute Force? Upgrade `mailman` to version 3.0.0 or higher.	[,3.0.0)
M Cross-site Request Forgery (CSRF) Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). A valid `csrf_token` generated for one user session can be considered valid for another user session. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). How to fix Cross-site Request Forgery (CSRF)? Upgrade `mailman` to version 3.0.0 or higher.	[,3.0.0)

Go back to all versions of this package