4
CVE-2014-9154
- EPSS 0.94%
- Veröffentlicht 01.12.2014 16:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Notify Project ≫ Notify Version7.x-1.0 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha1 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha2 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha3 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha4 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha5 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha6 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha7 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha8 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updatealpha9 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updaterc1 SwPlatformdrupal
Notify Project ≫ Notify Version7.x-1.0 Updaterc2 SwPlatformdrupal
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.94% | 0.562 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://www.drupal.org/node/2320693
https://www.drupal.org/node/2320741