Unauthorized Domain Deletion

Problem

In Postorius releases prior to 1.0.3, the administrative page for deleting domains lacks proper protection against unauthorized access. Users without administrative rights could therefore access this page and delete domains if they know or guess the URL structure.

Resolution

Update Postorius to version 1.0.3.

Using Pip:

  pip install --upgrade postorius

Or using the tarball on https://pypi.python.org/pypi/postorius
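
To confirm that the upgrade took effect in a given Python environment, the installed release can be compared against 1.0.3. The script below is an added example, not part of the original advisory or of Postorius; the function names are hypothetical, and it assumes Postorius was installed as the "postorius" distribution (the name used in the pip command above).

```python
import re
from importlib import metadata

FIXED = (1, 0, 3)  # first release containing the fix, per this advisory


def parse_release(version):
    """Split a version string into (numeric tuple, is_prerelease)."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    nums = tuple(int(part) for part in m.group(1).split("."))
    # Pad short versions so that "1.0" compares as (1, 0, 0).
    nums += (0,) * (len(FIXED) - len(nums))
    suffix = m.group(2).strip().lower()
    # a1, b2, rc1, .dev0 and similar sort before the final release.
    prerelease = bool(re.match(r"^[.\-_]?(a|b|rc|dev|alpha|beta|pre)", suffix))
    return nums, prerelease


def is_affected(version):
    """True for releases prior to 1.0.3, including pre-releases of 1.0.3."""
    nums, prerelease = parse_release(version)
    if nums < FIXED:
        return True
    # Treat a pre-release of the fixed version as affected (conservative).
    return nums == FIXED and prerelease


def installed_postorius_status():
    """Return (version or None, affected) for the current environment."""
    try:
        version = metadata.version("postorius")
    except metadata.PackageNotFoundError:
        return None, False
    return version, is_affected(version)


if __name__ == "__main__":
    version, affected = installed_postorius_status()
    if version is None:
        print("postorius is not installed in this environment")
    elif affected:
        print("postorius %s is affected; upgrade to 1.0.3 or later" % version)
    else:
        print("postorius %s includes the fix" % version)
```

Run it with the same interpreter (or virtualenv) that serves Postorius, since a system-wide Python may report a different installation.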

MailmanWiki: SEC/Unauthorized-Domain-Deletion (last edited 2016-02-02 22:10:00 by FlorianFuchs)