Lucene search
RedhatCVE-2012-5586HistoryDec 26, 2012 - 5:55 p.m.
CVE-2012-5586
2012-12-2617:55:02
CWE-264
redhat
web.nvd.nist.gov
27
drupal
services module
cve-2012-5586
security
vulnerability
nvd
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
55.3%
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the “access user profiles” permission to access arbitrary users’ emails via vectors related to the “user index method” and “the path to the user resource.”
Affected configurations
Node
marc_ingramservicesMatch6.x-3.0
ORmarc_ingramservicesMatch6.x-3.0alpha1
ORmarc_ingramservicesMatch6.x-3.0beta1
ORmarc_ingramservicesMatch6.x-3.0beta2
ORmarc_ingramservicesMatch6.x-3.0rc1
ORmarc_ingramservicesMatch6.x-3.0rc2
ORmarc_ingramservicesMatch6.x-3.0rc3
ORmarc_ingramservicesMatch6.x-3.0rc4
ORmarc_ingramservicesMatch6.x-3.0unstable1
ORmarc_ingramservicesMatch6.x-3.0unstable2
ORmarc_ingramservicesMatch6.x-3.0unstable3
ORmarc_ingramservicesMatch6.x-3.1
ORmarc_ingramservicesMatch6.x-3.2
ORmarc_ingramservicesMatch6.x-3.xdev
drupaldrupalMatch-
Node
marc_ingramservicesMatch7.x-3.0
ORmarc_ingramservicesMatch7.x-3.0beta1
ORmarc_ingramservicesMatch7.x-3.0beta2
ORmarc_ingramservicesMatch7.x-3.0rc1
ORmarc_ingramservicesMatch7.x-3.0rc2
ORmarc_ingramservicesMatch7.x-3.0rc3
ORmarc_ingramservicesMatch7.x-3.0rc4
ORmarc_ingramservicesMatch7.x-3.0rc5
ORmarc_ingramservicesMatch7.x-3.0rc6
ORmarc_ingramservicesMatch7.x-3.1
ORmarc_ingramservicesMatch7.x-3.2
ORmarc_ingramservicesMatch7.x-3.3
ORmarc_ingramservicesMatch7.x-3.xdev
drupaldrupalMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:*:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:alpha1:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:beta1:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:beta2:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc1:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc2:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc3:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:rc4:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable1:*:*:*:*:*:* |
| marc_ingram | services | 6.x-3.0 | cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable2:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2012-5586
2012-12-26 17:55:02
cvelist
cvelist
CVE-2012-5586
2012-12-26 17:00:00
drupal
drupal
SA-CONTRIB-2012-168 - Services - Information Disclosure
2012-11-28 00:00:00
prion
prion
Design/Logic Flaw
2012-12-26 17:55:00
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
55.3%
Related for CVE-2012-5586