Lucene search

[email protected]CVE-2012-2724

HistoryJan 09, 2020 - 8:15 p.m.

CVE-2012-2724

2020-01-0920:15:10

CWE-200

[email protected]

web.nvd.nist.gov

simplenews

drupal

email addresses

mailing list

remote attackers

sensitive information

vulnerability

cve-2012-2724

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

Affected configurations

Vulners

NVD

Node

simplenewssimplenewsRange6.0–6.0

simplenewssimplenewsRange7.0–7.0

VendorProductVersionCPE
simplenewssimplenews*cpe:2.3:a:simplenews:simplenews:*:*:*:*:*:*:*:*
simplenewssimplenews*cpe:2.3:a:simplenews:simplenews:*:*:*:*:*:*:*:*
simplenewssimplenews*cpe:2.3:a:simplenews:simplenews:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simplenews	simplenews	*	cpe:2.3:a:simplenews:simplenews::::::::
simplenews	simplenews	*	cpe:2.3:a:simplenews:simplenews::::::::
simplenews	simplenews	*	cpe:2.3:a:simplenews:simplenews::::::::

CNA Affected

[
  {
    "product": "Simplenews",
    "vendor": "Simplenews",
    "versions": [
      {
        "status": "affected",
        "version": "6.x-1.x before 6.x-1.4"
      },
      {
        "status": "affected",
        "version": "6.x-2.x before 6.x-2.0-alpha4"
      },
      {
        "status": "affected",
        "version": "and 7.x-1.x before 7.x-1.0-rc1"
      }
    ]
  }
]

References

drupal.org/node/1619812

drupal.org/node/1619818

drupal.org/node/1619820

drupal.org/node/1619848

drupalcode.org/project/simplenews.git/commitdiff/36352c1

drupalcode.org/project/simplenews.git/commitdiff/6d5704c

drupalcode.org/project/simplenews.git/commitdiff/faec6a6

www.openwall.com/lists/oss-security/2012/06/14/3

www.securityfocus.com/bid/53839

exchange.xforce.ibmcloud.com/vulnerabilities/76143

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2012-2724

prion1 cvelist1 drupal1 nvd1