Vulnerability Details CVE-2012-5570
The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.2%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://www.openwall.com/lists/oss-security/2012/11/20/4
- http://www.openwall.com/lists/oss-security/2012/11/27/2
- https://drupal.org/node/1808616
- https://www.drupal.org/node/1808852
- http://www.openwall.com/lists/oss-security/2012/11/20/4
- http://www.openwall.com/lists/oss-security/2012/11/27/2
- https://drupal.org/node/1808616
- https://www.drupal.org/node/1808852
Products affected by CVE-2012-5570
-
cpe:2.3:a:basic_webmail_project:basic_webmail:6.x-1.0
-
cpe:2.3:a:basic_webmail_project:basic_webmail:6.x-1.1
-
cpe:2.3:a:basic_webmail_project:basic_webmail:6.x-1.x