Lucene search

[email protected]NVD:CVE-2014-9154

HistoryDec 01, 2014 - 4:59 p.m.

CVE-2014-9154

2014-12-0116:59:05

CWE-200

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.8%

JSON

The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.

Affected configurations

NVD

Node

notify_projectnotifyMatch7.x-1.0drupal

notify_projectnotifyMatch7.x-1.0alpha1drupal

notify_projectnotifyMatch7.x-1.0alpha2drupal

notify_projectnotifyMatch7.x-1.0alpha3drupal

notify_projectnotifyMatch7.x-1.0alpha4drupal

notify_projectnotifyMatch7.x-1.0alpha5drupal

notify_projectnotifyMatch7.x-1.0alpha6drupal

notify_projectnotifyMatch7.x-1.0alpha7drupal

notify_projectnotifyMatch7.x-1.0alpha8drupal

notify_projectnotifyMatch7.x-1.0alpha9drupal

notify_projectnotifyMatch7.x-1.0rc1drupal

notify_projectnotifyMatch7.x-1.0rc2drupal

References

www.drupal.org/node/2320693

www.drupal.org/node/2320741

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.8%

JSON

Related for NVD:CVE-2014-9154

drupal1 prion1 cvelist1 cve1