Vulnerability CVE-2012-5586
Published: 2012-12-26

Description:
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."

CVSS2 => (AV:N/AC:H/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Remote
High
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Marc ingram -> Services 

 References:
http://drupal.org/node/1853200
http://drupal.org/node/1842026
http://drupal.org/node/1842022
http://www.securityfocus.com/bid/56723
http://www.openwall.com/lists/oss-security/2012/11/29/2
Copyright 2024, cxsecurity.com

 

Back to Top