Description
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Remediation
References
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-3245)
Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499)
PostgreSQL Improper Access Control Vulnerability (CVE-2016-7048)
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)