Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-9154
cve-2014-9154
drupal
notify module
security
unauthorized access
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.8%
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.
Affected configurations
Node
notify_projectnotifyMatch7.x-1.0drupal
ORnotify_projectnotifyMatch7.x-1.0alpha1drupal
ORnotify_projectnotifyMatch7.x-1.0alpha2drupal
ORnotify_projectnotifyMatch7.x-1.0alpha3drupal
ORnotify_projectnotifyMatch7.x-1.0alpha4drupal
ORnotify_projectnotifyMatch7.x-1.0alpha5drupal
ORnotify_projectnotifyMatch7.x-1.0alpha6drupal
ORnotify_projectnotifyMatch7.x-1.0alpha7drupal
ORnotify_projectnotifyMatch7.x-1.0alpha8drupal
ORnotify_projectnotifyMatch7.x-1.0alpha9drupal
ORnotify_projectnotifyMatch7.x-1.0rc1drupal
ORnotify_projectnotifyMatch7.x-1.0rc2drupal
| CPE | Name | Operator | Version |
|---|---|---|---|
| notify_project:notify | notify project notify | eq | 7.x-1.0 |
Related
prion
prion
Code injection
2014-12-01 16:59:00
drupal
drupal
SA-CONTRIB-2014-078 - Notify - Access bypass
2014-08-13 00:00:00
cvelist
cvelist
CVE-2014-9154
2022-10-03 16:20:40
nvd
nvd
CVE-2014-9154
2014-12-01 16:59:05
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.8%
Related for CVE-2014-9154