Lucene search

PRIOn knowledge basePRION:CVE-2012-2724

HistoryJan 09, 2020 - 8:15 p.m.

Design/Logic Flaw

2020-01-0920:15:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.7%

JSON

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

CPENameOperatorVersion
simplenewseq7.x-1.0 alpha1
simplenewseq6.120.12
simplenewseq6.x-1.0 beta1
simplenewseq6.x-1.0 rc3
simplenewseq6.x-1.0 beta3
simplenewseq7.x-1.0 alpha2
simplenewseq6.x-1.0 rc5
simplenewseq6.x-1.0 beta5
simplenewseq6.x-1.0 rc6
simplenewseq6.x-1.0 rc4

Name	Operator	Version
simplenews	eq	7.x-1.0 alpha1
simplenews	eq	6.120.12
simplenews	eq	6.x-1.0 beta1
simplenews	eq	6.x-1.0 rc3
simplenews	eq	6.x-1.0 beta3
simplenews	eq	7.x-1.0 alpha2
simplenews	eq	6.x-1.0 rc5
simplenews	eq	6.x-1.0 beta5
simplenews	eq	6.x-1.0 rc6
simplenews	eq	6.x-1.0 rc4

Rows per page:

1-10 of 241

References

drupalcode.org/project/simplenews.git/commitdiff/36352c1

drupalcode.org/project/simplenews.git/commitdiff/6d5704c

drupalcode.org/project/simplenews.git/commitdiff/faec6a6

www.openwall.com/lists/oss-security/2012/06/14/3

www.securityfocus.com/bid/53839

drupal.org/node/1619812

drupal.org/node/1619818

drupal.org/node/1619820

drupal.org/node/1619848

exchange.xforce.ibmcloud.com/vulnerabilities/76143