[Bug 1770464] [NEW] all email adress of a list are visible when a non-aproved email logs in
VIctor Emanuel
victor.emanuel.brito at gmail.com
Thu May 10 13:54:23 EDT 2018
*** This bug is a security vulnerability ***
Private security bug reported:
1) Go to the main page of a list.
2) Do a subscribing request with any email that is not on the list.
3) Try to login in the subscribed list with the email and password from step 2
(the last fields of the page)
4) Have access to all addresses on that list without being part of it!!
(your request does not need to be approved for you to have access.)
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1770464
Title:
all email adress of a list are visible when a non-aproved email logs
in
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1770464/+subscriptions
More information about the Mailman-coders
mailing list