Hacker News
LinkedIn phishing vulnerability (sigkill.dk)
31 points by rlm on March 18, 2010 | 5 comments


Ok, so for this to work you have to click on a phishing email.

A few weeks ago I was working on the LinkedIn API and I noticed that if I was sending messages to multiple contacts, they would all see each other's email on cc instead of ccn. I reported this to the team and I hope it's fixed by now. It's not a big deal, but it's a way to know the email address of all your contacts.


Yes, it's a phishing email but where it's different and vulnerable is that you receive a seemingly legitimate email from LinkedIn (it's in fact a legitimate email that was "forwarded" to you), that does link to LinkedIn.com, not limkedin.com or similar. You never actually give your email and password to a site that makes you think it's LinkedIn. It IS LinkedIn.

The weak part is that your LinkedIn account gets associated to an extra email address without your express consent. (allegedly, since I haven't tried this)


You can see the email details on your contacts on LinkedIn anyway, no?


I'm not sure about that. But anyway your contacts will see your contacts' email.


Wow. So easy to exploit...



