5.7 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.5%
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
drupal.org/drupal-7.14
drupal.org/node/1302404
drupal.org/node/1557938
drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5
secunia.com/advisories/49012
www.mandriva.com/security/advisories?name=MDVSA-2013:074
www.securityfocus.com/bid/53359