9. June 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

Hyperkitty, the Django-based application that provides the web archive interface for Mailman, the popular open-source mailing list and newsletter manager, has patched a critical flaw that exposed private mailing-list archives while they were being imported.

Amir Sarabadani, a software engineer at Wikimedia Deutschland, identified the flaw while upgrading Wikimedia’s mailing lists from Mailman 2 to Mailman 3.

“We were upgrading a test mailing list that was private but realized during the upgrade it was public. Once the upgrade was done, the list would become private. Private mailing lists can contain sensitive information, like publicly identifiable information,” Sarabadani stated. 

“When importing a private mailing list's archives, these archives are publicly visible for the duration of the import,” reads the security advisory on GitHub. Anyone who requested the archive during that window, a threat actor included, could read the messages and the personal information of the list's users that they contain.

Security researchers rated the flaw as critical, with a severity score of 7.5. The latest version of Hyperkitty patches the flaw by obtaining the privacy configuration of imported lists from Mailman instead of u
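The ordering bug described in the advisory and the shape of the fix, as an added example written for this article (a simplified model, not Hyperkitty's or Mailman's own code): the vulnerable importer creates the list with a default public archive policy and only applies the real setting after the messages are in, so a request arriving mid-import sees a private archive; the fixed importer asks the (here constructed) Mailman policy lookup first. The list name and the `observer` callback standing in for a concurrent anonymous request are assumptions.

```python
from dataclasses import dataclass, field

PUBLIC, PRIVATE = "public", "private"

@dataclass
class MailingList:
    name: str
    archive_policy: str = PUBLIC          # default applied before the real setting
    messages: list = field(default_factory=list)

    def visible_to_anonymous(self) -> bool:
        return self.archive_policy == PUBLIC

# Constructed stand-in for the policy Mailman core holds for each list.
MAILMAN_CORE = {"staff-private@example.org": PRIVATE}

def mailman_archive_policy(name: str) -> str:
    return MAILMAN_CORE.get(name, PUBLIC)

def import_archive_vulnerable(name, mbox_messages, observer):
    mlist = MailingList(name)                 # created with the public default
    for msg in mbox_messages:
        mlist.messages.append(msg)
        observer(mlist)                       # anonymous request during the import
    mlist.archive_policy = mailman_archive_policy(name)   # applied only at the end
    return mlist

def import_archive_fixed(name, mbox_messages, observer):
    # Fetch the real policy from Mailman before any message becomes visible.
    mlist = MailingList(name, archive_policy=mailman_archive_policy(name))
    for msg in mbox_messages:
        mlist.messages.append(msg)
        observer(mlist)
    return mlist

def exposed_messages(importer, name, mbox_messages):
    """Run an import while probing as an anonymous user; return what leaked."""
    exposed = set()
    def observer(mlist):
        if mlist.visible_to_anonymous():
            exposed.update(mlist.messages)
    importer(name, mbox_messages, observer)
    return sorted(exposed)

if __name__ == "__main__":
    mbox = ["msg-1: salary review", "msg-2: home address"]   # constructed archive
    print("vulnerable leaked:", exposed_messages(import_archive_vulnerable, "staff-private@example.org", mbox))
    print("fixed leaked:     ", exposed_messages(import_archive_fixed, "staff-private@example.org", mbox))
```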

[…]


Read the original article: Major Security Flaw Patched by Hyperkitty