The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.
[
{
"product": "Flippy",
"vendor": "Flippy",
"versions": [
{
"status": "affected",
"version": "7.x-1.x before 7.x-1.2"
}
]
}
]