GHSA-FC75-58R8-RM3H Wagtail vulnerable to disclosure of user names via admin bulk action views
Impact A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user...