CVE-2012-5586
N/A
N/A
Summary
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://drupal.org/node/1842026
- http://www.securityfocus.com/bid/56723
- http://www.openwall.com/lists/oss-security/2012/11/29/2
- http://drupal.org/node/1853200
- http://drupal.org/node/1842022
References
- http://drupal.org/node/1842026
- http://www.securityfocus.com/bid/56723
- http://www.openwall.com/lists/oss-security/2012/11/29/2
- http://drupal.org/node/1853200
- http://drupal.org/node/1842022
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.