CVE-2012-2724

medium

Description

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

References

Advisories

https://exchange.xforce.ibmcloud.com/vulnerabilities/76143

http://www.securityfocus.com/bid/53839

http://www.openwall.com/lists/oss-security/2012/06/14/3

http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6

http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c

http://drupalcode.org/project/simplenews.git/commitdiff/36352c1

http://drupal.org/node/1619848

http://drupal.org/node/1619820

http://drupal.org/node/1619818

http://drupal.org/node/1619812

Details

Source: Mitre, NVD

Published: 2020-01-09

Updated: 2020-01-28

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.01383