6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.5%
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5
secunia.com/advisories/49012
www.mandriva.com/security/advisories?name=MDVSA-2013:074
www.securityfocus.com/bid/53359
drupal.org/drupal-7.14
drupal.org/node/1302404
drupal.org/node/1557938