Lucene search

RedhatCVELIST:CVE-2012-2724

HistoryJan 09, 2020 - 7:51 p.m.

CVE-2012-2724

2020-01-0919:51:42

redhat

www.cve.org

AI Score

5.2

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

CNA Affected

[
  {
    "product": "Simplenews",
    "vendor": "Simplenews",
    "versions": [
      {
        "status": "affected",
        "version": "6.x-1.x before 6.x-1.4"
      },
      {
        "status": "affected",
        "version": "6.x-2.x before 6.x-2.0-alpha4"
      },
      {
        "status": "affected",
        "version": "and 7.x-1.x before 7.x-1.0-rc1"
      }
    ]
  }
]

References

drupal.org/node/1619812

drupal.org/node/1619818

drupal.org/node/1619820

drupal.org/node/1619848

drupalcode.org/project/simplenews.git/commitdiff/36352c1

drupalcode.org/project/simplenews.git/commitdiff/6d5704c

drupalcode.org/project/simplenews.git/commitdiff/faec6a6

www.openwall.com/lists/oss-security/2012/06/14/3

www.securityfocus.com/bid/53839

exchange.xforce.ibmcloud.com/vulnerabilities/76143