Vulnerability Details CVE-2012-5586
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v2 Score 2.1
References
- http://drupal.org/node/1842022
- http://drupal.org/node/1842026
- http://drupal.org/node/1853200
- http://www.openwall.com/lists/oss-security/2012/11/29/2
- http://www.securityfocus.com/bid/56723
- http://drupal.org/node/1842022
- http://drupal.org/node/1842026
- http://drupal.org/node/1853200
- http://www.openwall.com/lists/oss-security/2012/11/29/2
- http://www.securityfocus.com/bid/56723
Products affected by CVE-2012-5586
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:marc_ingram:services:6.x-3.0
-
cpe:2.3:a:marc_ingram:services:6.x-3.1
-
cpe:2.3:a:marc_ingram:services:6.x-3.2
-
cpe:2.3:a:marc_ingram:services:6.x-3.x
-
cpe:2.3:a:marc_ingram:services:7.x-3.0
-
cpe:2.3:a:marc_ingram:services:7.x-3.1
-
cpe:2.3:a:marc_ingram:services:7.x-3.2
-
cpe:2.3:a:marc_ingram:services:7.x-3.3
-
cpe:2.3:a:marc_ingram:services:7.x-3.x