[Bug 1770464] [NEW] all email adress of a list are visible when a non-aproved email logs in
victor.emanuel.brito at gmail.com
Thu May 10 13:54:23 EDT 2018
*** This bug is a security vulnerability ***
Private security bug reported:
1) Go to the main page of a list.
2) Do a subscribing request with any email that is not on the list.
3) Try to login in the subscribed list with the email and password from step 2
(the last fields of the page)
4) Have access to all addresses on that list without being part of it!!
(your request does not need to be approved for you to have access.)
** Affects: mailman
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
all email adress of a list are visible when a non-aproved email logs
To manage notifications about this bug go to:
More information about the Mailman-coders