*** This bug is a security vulnerability *** Private security bug reported: A list moderator or list member can potentially carry out a CSRF attach by getting a list admin to visit a crafted web page ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress ** Patch added: "Patch to fix this issue." https://bugs.launchpad.net/bugs/1952384/+attachment/5543451/+files/patch.txt -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1952384 Title: A CSRF vulnerability could allow a list moderator or list member to access the admin UI To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1952384/+subscriptions