Описание
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:notify_project:notify:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha1:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha2:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha3:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha4:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha5:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha6:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha7:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha8:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:alpha9:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:rc1:*:*:*:drupal:*:*
cpe:2.3:a:notify_project:notify:7.x-1.0:rc2:*:*:*:drupal:*:*
EPSS
Процентиль: 40%
0.00176
Низкий
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
около 3 лет назад
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.
EPSS
Процентиль: 40%
0.00176
Низкий
4 Medium
CVSS2
Дефекты
CWE-200