[Bug 1747209] [NEW] XSS vulnerability and information leak in user options CGI
Mark Sapiro
mark at msapiro.net
Sat Feb 3 18:34:27 EST 2018
*** This bug is a security vulnerability ***
Private security bug reported:
CVE-2018-5950
A crafted URL for a user options page can cause a browser to execute
arbitrary script encoded in the URL.
Also, in developing a fix for this issue it was discovered that a user
options URL with a VARHELP query fragment would display the user options
page without requiring login. No changes could be made and the settings
revealed are not particularly sensitive, but this could be used to fish
for membership on a list with a private roster.
Thanks to Calum Hutton for the original report.
** Affects: mailman
Importance: High
Assignee: Mark Sapiro (msapiro)
Status: In Progress
** Patch added: "Patch to fix this issue"
https://bugs.launchpad.net/bugs/1747209/+attachment/5048344/+files/options.patch
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5950
** Description changed:
CVE-2018-5950
A crafted URL for a user options page can cause a browser to execute
arbitrary script encoded in the URL.
Also, in developing a fix for this issue it was discovered that a user
options URL with a VARHELP query fragment would display the user options
page without requiring login. No changes could be made and the settings
revealed are not particularly sensitive, but this could be used to fish
for membership on a list with a private roster.
+
+ Thanks to Calum Hutton for the original report.
--
https://bugs.launchpad.net/bugs/1747209
Title:
XSS vulnerability and information leak in user options CGI