Описание
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- Permissions RequiredThird Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- Permissions RequiredThird Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:md-systems:simplenews:6.x-1.0:-:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta1:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta2:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta3:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta4:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta5:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc1:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc2:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc3:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc4:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc5:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc6:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.1:-:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.2:-:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-1.3:-:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-2.0:alpha1:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-2.0:alpha2:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-2.0:alpha3:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:6.x-2.x:dev:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:7.x-1.0:-:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:7.x-1.0:alpha1:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:7.x-1.0:alpha2:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:7.x-1.0:beta1:*:*:*:drupal:*:*
cpe:2.3:a:md-systems:simplenews:7.x-1.0:beta2:*:*:*:drupal:*:*
EPSS
Процентиль: 80%
0.01383
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.3
github
почти 4 года назад
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
EPSS
Процентиль: 80%
0.01383
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200