*** This bug is a security vulnerability ***
Private security bug reported:
1) Go to the main page of a list.
2) Do a subscribing request with any email that is not on the list.
3) Try to login in the subscribed list with the email and password from step 2
(the last fields of the page)
4) Have access to all addresses on that list without being part of it!!
(your request does not need to be approved for you to have access.)
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1770464
Title:
all email adress of a list are visible when a non-aproved email logs
in
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1770464/+subscriptions
_______________________________________________
Mailman-coders mailing list
[email protected]
https://mail.python.org/mailman/listinfo/mailman-coders
