Lucene search

RedhatCVE-2012-2724

HistoryJan 09, 2020 - 8:15 p.m.

CVE-2012-2724

2020-01-0920:15:10

CWE-200

redhat

web.nvd.nist.gov

simplenews

drupal

email addresses

mailing list

remote attackers

sensitive information

vulnerability

cve-2012-2724

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

Affected configurations

Nvd

Vulners

Node

md-systemssimplenewsMatch6.x-1.0-drupal

md-systemssimplenewsMatch6.x-1.0beta1drupal

md-systemssimplenewsMatch6.x-1.0beta2drupal

md-systemssimplenewsMatch6.x-1.0beta3drupal

md-systemssimplenewsMatch6.x-1.0beta4drupal

md-systemssimplenewsMatch6.x-1.0beta5drupal

md-systemssimplenewsMatch6.x-1.0rc1drupal

md-systemssimplenewsMatch6.x-1.0rc2drupal

md-systemssimplenewsMatch6.x-1.0rc3drupal

md-systemssimplenewsMatch6.x-1.0rc4drupal

md-systemssimplenewsMatch6.x-1.0rc5drupal

md-systemssimplenewsMatch6.x-1.0rc6drupal

md-systemssimplenewsMatch6.x-1.1-drupal

md-systemssimplenewsMatch6.x-1.2-drupal

md-systemssimplenewsMatch6.x-1.3-drupal

md-systemssimplenewsMatch6.x-2.0alpha1drupal

md-systemssimplenewsMatch6.x-2.0alpha2drupal

md-systemssimplenewsMatch6.x-2.0alpha3drupal

md-systemssimplenewsMatch6.x-2.xdevdrupal

md-systemssimplenewsMatch7.x-1.0-drupal

md-systemssimplenewsMatch7.x-1.0alpha1drupal

md-systemssimplenewsMatch7.x-1.0alpha2drupal

md-systemssimplenewsMatch7.x-1.0beta1drupal

md-systemssimplenewsMatch7.x-1.0beta2drupal

VendorProductVersionCPE
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:-:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta1:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta2:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta3:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta4:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta5:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc1:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc2:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc3:*:*:*:drupal:*:*
md-systemssimplenews6.x-1.0cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc4:*:*:*:drupal:*:*

Vendor	Product	Version	CPE
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:-::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta1::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta2::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta3::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta4::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:beta5::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc1::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc2::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc3::::drupal::*
md-systems	simplenews	6.x-1.0	cpe:2.3:a:md-systems:simplenews:6.x-1.0:rc4::::drupal::*

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "product": "Simplenews",
    "vendor": "Simplenews",
    "versions": [
      {
        "status": "affected",
        "version": "6.x-1.x before 6.x-1.4"
      },
      {
        "status": "affected",
        "version": "6.x-2.x before 6.x-2.0-alpha4"
      },
      {
        "status": "affected",
        "version": "and 7.x-1.x before 7.x-1.0-rc1"
      }
    ]
  }
]

References

drupal.org/node/1619812

drupal.org/node/1619818

drupal.org/node/1619820

drupal.org/node/1619848

drupalcode.org/project/simplenews.git/commitdiff/36352c1

drupalcode.org/project/simplenews.git/commitdiff/6d5704c

drupalcode.org/project/simplenews.git/commitdiff/faec6a6

www.openwall.com/lists/oss-security/2012/06/14/3

www.securityfocus.com/bid/53839

exchange.xforce.ibmcloud.com/vulnerabilities/76143

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Related for CVE-2012-2724