Kunal Mehta

**Name of the Vulnerable Software and Affected Versions** HyperKitty versions prior to 1.3.5 **Description** The issue is related to an error when importing archives of private mailing lists, which become publicly accessible during the import process. This could allow a remote attacker to access confidential data. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3. **Recommendations** For HyperKitty versions prior to 1.3.5, update to version 1.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `management/commands/hyperkitty import.py` module until a patch is available. Avoid using the `hyperkitty import` command with private mailing list archives until the issue is resolved.