Ushahidi · Ushahidi Platform · CVE-2012-3472
**Name of the Vulnerable Software and Affected Versions**
Ushahidi Platform versions prior to 2.5
**Description**
The email API in the Ushahidi Platform does not require authentication. As a result, remote attackers can list, delete, or organize messages via a GET request to the API endpoint.
**Recommendations**
For versions prior to 2.5, consider requiring authentication for the email API to prevent unauthorized access. As a temporary workaround, restrict access to the email API endpoint to minimize the risk of exploitation.