CVE-2012-2724

Summary

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

Affected Software

VendorProductVersion RangeStatus
SimplenewsSimplenews6.x-1.x before 6.x-1.4affected
SimplenewsSimplenews6.x-2.x before 6.x-2.0-alpha4affected
SimplenewsSimplenewsand 7.x-1.x before 7.x-1.0-rc1affected

Weaknesses

  • Path Disclosure

ADP Enrichment

CVE Program Container

Additional References

References