CVE-2016-6893 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-6893 Interim 1 34 2025-03-25T01:10:05Z current 2021-05-30T13:45:05Z 2025-03-25T01:10:05Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-June/004172.html E-Mail link for SUSE-SU-2018:1638-1 https://lists.suse.com/pipermail/sle-security-updates/2018-December/005005.html E-Mail link for SUSE-SU-2018:4296-1 https://lists.suse.com/pipermail/sle-security-updates/2019-January/005015.html E-Mail link for SUSE-SU-2019:13924-1 https://lists.suse.com/pipermail/sle-security-updates/2019-May/005519.html E-Mail link for SUSE-SU-2019:14068-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 4 SUSE Liberty Linux 7 SUSE Liberty Linux 7 LTSS SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openSUSE Tumbleweed mailman mailman-2.1.15-30.el7_9.2 mailman-2.1.15-9.6.12.1 mailman-2.1.15-9.6.6.1 mailman-2.1.17-3.3.3 mailman-2.1.17-3.8.1 mailman-2.1.23-1.2 mailman-2.1.17-3.3.3 as a component of SUSE Enterprise Storage 4 mailman-2.1.15-30.el7_9.2 as a component of SUSE Liberty Linux 7 mailman-2.1.15-30.el7_9.2 as a component of SUSE Liberty Linux 7 LTSS mailman-2.1.17-3.8.1 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 mailman-2.1.15-9.6.12.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT mailman-2.1.15-9.6.12.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server 11 SP3-LTSS mailman-2.1.15-9.6.12.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server 11 SP4 mailman-2.1.15-9.6.12.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP2-BCL mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP3 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12 SP4 mailman-2.1.17-3.8.1 as a component of SUSE Linux Enterprise Server 12 SP5 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server 12-LTSS mailman-2.1.15-9.6.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 mailman-2.1.17-3.3.3 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 mailman-2.1.17-3.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mailman-2.1.17-3.3.3 as a component of SUSE OpenStack Cloud 7 mailman-2.1.23-1.2 as a component of openSUSE Tumbleweed mailman as a component of HPE Helion OpenStack 8 mailman as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 mailman as a component of SUSE Linux Enterprise Server 12 SP2-BCL mailman as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS mailman as a component of SUSE Linux Enterprise Server 12 SP4-LTSS mailman as a component of SUSE Linux Enterprise Server 12 SP5 mailman as a component of SUSE Linux Enterprise Server Teradata 12 SP3 mailman as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mailman as a component of SUSE OpenStack Cloud 8 mailman as a component of SUSE OpenStack Cloud 9 mailman as a component of SUSE OpenStack Cloud Crowbar 8 mailman as a component of SUSE OpenStack Cloud Crowbar 9 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. CVE-2016-6893 SUSE Enterprise Storage 4:mailman-2.1.17-3.3.3 SUSE Liberty Linux 7:mailman-2.1.15-30.el7_9.2 SUSE Liberty Linux 7 LTSS:mailman-2.1.15-30.el7_9.2 SUSE Linux Enterprise High Performance Computing 12 SP5:mailman-2.1.17-3.8.1 SUSE Linux Enterprise Point of Sale 11 SP3:mailman-2.1.15-9.6.12.1 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 11 SP1-TERADATA:mailman-2.1.15-9.6.12.1 SUSE Linux Enterprise Server 11 SP3-LTSS:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:mailman-2.1.15-9.6.12.1 SUSE Linux Enterprise Server 11 SP4:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server 11 SP4-LTSS:mailman-2.1.15-9.6.12.1 SUSE Linux Enterprise Server 12 SP1-LTSS:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP2-BCL:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP2-LTSS:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP3:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP3-TERADATA:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP4:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server 12 SP5:mailman-2.1.17-3.8.1 SUSE Linux Enterprise Server 12-LTSS:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 11 SP4:mailman-2.1.15-9.6.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP2:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP3:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP4:mailman-2.1.17-3.3.3 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mailman-2.1.17-3.8.1 SUSE OpenStack Cloud 7:mailman-2.1.17-3.3.3 openSUSE Tumbleweed:mailman-2.1.23-1.2 low 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H