GNU Mailman Postorius Access Control Issues

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

GHSA-V83X-78Q3-GR2J GNU Mailman Postorius Access Control Issues

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

PT-2021-22867 · Gnu +2 · Gnu Mailman Postorius +2

Name of the Vulnerable Software and Affected Versions: GNU Mailman Postorius versions prior to 1.3.5 Description: An issue was discovered in views/list.py in GNU Mailman Postorius. An attacker, logged into any account, can send a crafted POST request to unsubscribe any user from a mailing list,...