CVE-2012-5586
Last modified
CVE-2012-5586 is a vulnerability of currently unknown severity. The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource.". EPSS estimates a 0.96% chance of exploitation in the next 30 days.
Description
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Marc Ingram | Services | 6.x-3.0 | — |
| Marc Ingram | Services | 6.x-3.1 | — |
| Marc Ingram | Services | 6.x-3.2 | — |
| Marc Ingram | Services | 6.x-3.x | Dev |
| Marc Ingram | Services | 7.x-3.0 | — |
| Marc Ingram | Services | 7.x-3.1 | — |
| Marc Ingram | Services | 7.x-3.2 | — |
| Marc Ingram | Services | 7.x-3.3 | — |
| Marc Ingram | Services | 7.x-3.x | Dev |
References
- http://drupal.org/node/1853200Patch, Vendor Advisory
- http://drupal.org/node/1853200Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-5586?
How severe is CVE-2012-5586?
How do I fix CVE-2012-5586?
Are you affected by CVE-2012-5586?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST