Описание
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-2724
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76143
- http://drupal.org/node/1619812
- http://drupal.org/node/1619818
- http://drupal.org/node/1619820
- http://drupal.org/node/1619848
- http://drupalcode.org/project/simplenews.git/commitdiff/36352c1
- http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c
- http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.securityfocus.com/bid/53839
Связанные уязвимости
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.