[Bug 1947639] [NEW] Potential Privilege escalation via the user options page.
*** This bug is a security vulnerability ***

Private security bug reported:

The `csrf_token` generated for the `options` page is always an `admin` token rather than specific to the authenticated user for that session. This admin token contains information that is derived from the hashed list admin password, which could theoretically allow a brute-force attack to obtain the list admin password.

Thanks to Andre Protas, Richard Cloke and Andy Nuttall of Apple for reporting these and helping with the development of a fix.

** Affects: mailman
   Importance: Medium
   Assignee: Mark Sapiro (msapiro)
   Status: In Progress

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-42096

** Summary changed:

- Potential Privilege escallation via the user options page.
+ Potential Privilege escalation via the user options page.

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1947639

Title:
  Potential Privilege escalation via the user options page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1947639/+subscriptions
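The defect above is a CSRF token that is the same admin token for every visitor and carries material derived from the admin password hash. As an added illustration (not Mailman's code, and not the fix in the linked patch), the following mints tokens keyed by an installation secret and MACs the list name, user and role into the token, so a subscriber's options-page token cannot pass as an admin token and a leaked token says nothing about any password. The list and user names are constructed.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Installation-wide secret (constructed here; a real deployment generates it
# once and keeps it server-side). It is NOT derived from any password hash,
# so a captured token reveals nothing about the list admin password.
SERVER_SECRET = secrets.token_bytes(32)
DIGEST_LEN = hashlib.sha256().digest_size


def make_csrf_token(secret, list_name, user, role, now=None):
    """Mint a token bound to (list, user, role) plus a timestamp.
    The MAC covers the principal, so a token issued to a subscriber does
    not verify as an admin token, and vice versa."""
    for field in (list_name, user, role):
        if ":" in field:
            raise ValueError("':' is the field separator and is not allowed")
    ts = int(time.time()) if now is None else now
    payload = f"{list_name}:{user}:{role}:{ts}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()


def verify_csrf_token(secret, token, list_name, user, role, max_age=3600, now=None):
    """True only if `token` was minted with `secret` for exactly this
    (list, user, role) and is no older than `max_age` seconds."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return False
    if len(raw) <= DIGEST_LEN:
        return False
    payload, mac = raw[:-DIGEST_LEN], raw[-DIGEST_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return False
    try:
        lst, usr, rl, ts = payload.decode().split(":")
        ts = int(ts)
    except ValueError:
        return False
    if (lst, usr, rl) != (list_name, user, role):  # principal binding
        return False
    ts_now = int(time.time()) if now is None else now
    return 0 <= ts_now - ts <= max_age
```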
** Attachment added: "Patch for this and lp:1947640"
   https://bugs.launchpad.net/mailman/+bug/1947639/+attachment/5534049/+files/p...
** Branch linked: lp:mailman/2.1
** Information type changed from Private Security to Public Security

** Changed in: mailman
   Status: In Progress => Fix Released
participants (2): Launchpad Bug Tracker, Mark Sapiro