Enumeration of subscribed users and unauthenticated email unsubscriptions on https://newsletter.nextcloud.com/?p=unsubscribe

Disclosed: 2016-06-19 03:51:51 By strukt To nextcloud
Vulnerability Details
Hello,

The mentioned URL contains a form that, when supplied correct user emails, unsubscribes users from the newsletters they're subscribed to. If the user is not subscribed, the form returns a message that says that the user is not subscribed if this is the case.

Regards
Report Stats
  • Report ID: 145396
  • State: Closed
  • Substate: resolved
  • Upvotes: 4
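
One way an unsubscribe flow can close both issues described in the report, added here as an example and not taken from the report or from the newsletter software Nextcloud runs: the form gives the same reply for every address, and removal only happens when a signed, expiring token mailed to that address is presented. The secret, the one-hour lifetime, the function names and the in-memory subscriber set and outbox are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
TOKEN_TTL = 3600                   # assumption: confirmation links are valid for one hour
GENERIC_REPLY = "If this address is subscribed, a confirmation link has been sent to it."


def _sign(email: str, expires: int) -> str:
    """HMAC over the normalized address and expiry; binds a token to one mailbox."""
    msg = f"{email.lower()}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_unsubscribe(email, subscribers, outbox, now=None):
    """Step 1: anyone may submit an address. The reply never depends on membership,
    so the form cannot be used to tell subscribed addresses from unsubscribed ones."""
    now = int(time.time()) if now is None else now
    if email.lower() in subscribers:
        expires = now + TOKEN_TTL
        # The token goes to the mailbox only (outbox stands in for a mail queue);
        # queueing rather than sending inline also keeps response times uniform.
        outbox.append((email.lower(), expires, _sign(email, expires)))
    return GENERIC_REPLY


def confirm_unsubscribe(email, expires, token, subscribers, now=None):
    """Step 2: the state change requires a valid, unexpired token, which only
    someone with access to the mailbox has received."""
    now = int(time.time()) if now is None else now
    expected = _sign(email, expires).encode()
    valid = hmac.compare_digest(token.encode(), expected) and now <= expires
    if valid:
        subscribers.discard(email.lower())
    return valid
```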