3 matches found
CVE-2014-9154
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to 1 new or 2 modified nodes or 3 their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email...
CVE-2014-9154
The CVE-2014-9154 entry concerns the Drupal Notify module (7.x-1.x) prior to version 7.x-1.1. The vulnerability arises because the module does not properly restrict access to new or modified nodes and their fields, enabling remote authenticated users to view node titles, teasers, and fields by re...
SA-CONTRIB-2014-078 - Notify - Access bypass
The notify module allows users to subscribe to periodic emails which include all new or revised content and/or comments of specific content types, much like the daily newsletters sent by some websites. The Notify module does not sufficiently check whether the user has access to recently added or...