Lucene search

[email protected]CVE-2012-5586

HistoryDec 26, 2012 - 5:55 p.m.

CVE-2012-5586

2012-12-2617:55:02

CWE-264

[email protected]

web.nvd.nist.gov

drupal

services module

cve-2012-5586

security

vulnerability

nvd

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.4%

JSON

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the “access user profiles” permission to access arbitrary users’ emails via vectors related to the “user index method” and “the path to the user resource.”

Affected configurations

NVD

Node

marc_ingramservicesMatch6.x-3.0

marc_ingramservicesMatch6.x-3.0alpha1

marc_ingramservicesMatch6.x-3.0beta1

marc_ingramservicesMatch6.x-3.0beta2

marc_ingramservicesMatch6.x-3.0rc1

marc_ingramservicesMatch6.x-3.0rc2

marc_ingramservicesMatch6.x-3.0rc3

marc_ingramservicesMatch6.x-3.0rc4

marc_ingramservicesMatch6.x-3.0unstable1

marc_ingramservicesMatch6.x-3.0unstable2

marc_ingramservicesMatch6.x-3.0unstable3

marc_ingramservicesMatch6.x-3.1

marc_ingramservicesMatch6.x-3.2

marc_ingramservicesMatch6.x-3.xdev

AND

drupaldrupalMatch-

Node

marc_ingramservicesMatch7.x-3.0

marc_ingramservicesMatch7.x-3.0beta1

marc_ingramservicesMatch7.x-3.0beta2

marc_ingramservicesMatch7.x-3.0rc1

marc_ingramservicesMatch7.x-3.0rc2

marc_ingramservicesMatch7.x-3.0rc3

marc_ingramservicesMatch7.x-3.0rc4

marc_ingramservicesMatch7.x-3.0rc5

marc_ingramservicesMatch7.x-3.0rc6

marc_ingramservicesMatch7.x-3.1

marc_ingramservicesMatch7.x-3.2

marc_ingramservicesMatch7.x-3.3

marc_ingramservicesMatch7.x-3.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
marc_ingram:servicesmarc ingram serviceseq6.x-3.0
marc_ingram:servicesmarc ingram serviceseq6.x-3.1
marc_ingram:servicesmarc ingram serviceseq6.x-3.2
marc_ingram:servicesmarc ingram serviceseq6.x-3.x

CPE	Name	Operator	Version
marc_ingram:services	marc ingram services	eq	6.x-3.0
marc_ingram:services	marc ingram services	eq	6.x-3.1
marc_ingram:services	marc ingram services	eq	6.x-3.2
marc_ingram:services	marc ingram services	eq	6.x-3.x

References

drupal.org/node/1842022

drupal.org/node/1842026

drupal.org/node/1853200

www.openwall.com/lists/oss-security/2012/11/29/2

www.securityfocus.com/bid/56723

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.4%

JSON

Related for CVE-2012-5586

cvelist1 drupal1 prion1 nvd1