CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:H/Au:S/C:P/I:N/A:N |

AI Score confidence: Low

EPSS percentile: 55.3%

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the “access user profiles” permission to access arbitrary users’ emails via vectors related to the “user index method” and “the path to the user resource.”
Vendor | Product | Version | CPE |
---|---|---|---|
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:*:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:alpha1:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:beta1:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:beta2:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc1:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc2:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc3:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc4:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable1:*:*:*:*:*:* |
marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable2:*:*:*:*:*:* |