5.3

CVE-2012-2724

EPSS 1.38%
Veröffentlicht 09.01.2020 20:15:10
Zuletzt bearbeitet 21.11.2024 01:39:30
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Md-systems ≫ Simplenews Version6.x-1.0 Update- SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updatebeta1 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updatebeta2 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updatebeta3 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updatebeta4 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updatebeta5 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updaterc1 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updaterc2 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updaterc3 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updaterc4 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updaterc5 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.0 Updaterc6 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.1 Update- SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.2 Update- SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-1.3 Update- SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-2.0 Updatealpha1 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-2.0 Updatealpha2 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-2.0 Updatealpha3 SwPlatformdrupal

Md-systems ≫ Simplenews Version6.x-2.x Updatedev SwPlatformdrupal

Md-systems ≫ Simplenews Version7.x-1.0 Update- SwPlatformdrupal

Md-systems ≫ Simplenews Version7.x-1.0 Updatealpha1 SwPlatformdrupal

Md-systems ≫ Simplenews Version7.x-1.0 Updatealpha2 SwPlatformdrupal

Md-systems ≫ Simplenews Version7.x-1.0 Updatebeta1 SwPlatformdrupal

Md-systems ≫ Simplenews Version7.x-1.0 Updatebeta2 SwPlatformdrupal

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.38%	0.785

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2012/06/14/3

Third Party Advisory

Mailing List

http://drupal.org/node/1619812

Third Party Advisory

http://drupal.org/node/1619818

Third Party Advisory

http://drupal.org/node/1619820

Third Party Advisory

http://drupal.org/node/1619848

Third Party Advisory

http://drupalcode.org/project/simplenews.git/commitdiff/36352c1

Third Party Advisory

Permissions Required

http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c

Third Party Advisory

Permissions Required

http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6

Third Party Advisory

Permissions Required

http://www.securityfocus.com/bid/53839

Third Party Advisory

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/76143

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2012-2724

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2724

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2724

EUVD