Unauthorized Domain Deletion


In Postorius releases prior to 1.0.3, the administrative page for deleting domains lacks proper protection against unauthorized access. Users without administrative rights could therefore access this page and delete domains if they know or guess the URL structure.


Update Postorius to version 1.0.3.

Using Pip:

  pip install --upgrade postorius

Or using the tarball on https://pypi.python.org/pypi/postorius
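
To confirm that an environment has picked up the fix after upgrading, the following check can be run with the same Python interpreter that serves Postorius. It is an added example, not part of the original advisory or of Postorius; the function names and the choice to treat a 1.0.3 pre-release as unfixed are assumptions made here.

```python
"""Report whether the installed Postorius predates the 1.0.3 fix."""
import re
import sys
from importlib import metadata

FIXED = (1, 0, 3)  # first fixed release, taken from the advisory

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*)$")
# Suffixes that mark a pre-release or development build (PEP 440 spellings).
_PRE_RE = re.compile(r"^[._-]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)


def parse_version(text):
    """Return (release tuple without trailing zeros, is_prerelease)."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = [int(part) for part in match.group(1).split(".")]
    while release and release[-1] == 0:
        release.pop()  # so "1.0" and "1.0.0" compare equal
    return tuple(release), bool(_PRE_RE.match(match.group(2)))


def is_affected(version_text):
    """True if the version sorts before the final 1.0.3 release."""
    release, prerelease = parse_version(version_text)
    # Assumption: a pre-release of 1.0.3 itself is treated as unfixed.
    return release < FIXED or (release == FIXED and prerelease)


def audit(dist="postorius"):
    """Return 'not-installed', 'affected' or 'fixed' for this environment."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "not-installed"
    return "affected" if is_affected(version) else "fixed"


if __name__ == "__main__":
    status = audit()
    print(f"postorius: {status}")
    sys.exit(1 if status == "affected" else 0)
```

The script exits with status 1 only when an affected version is installed, so it can gate a deployment or configuration-management run.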

MailmanWiki: SEC/Unauthorized-Domain-Deletion (last edited 2016-02-02 22:10:00 by FlorianFuchs)