Vulnerability Description
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marc Ingram | Services | 6.x-3.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1842022Patch
- http://drupal.org/node/1842026Patch
- http://drupal.org/node/1853200PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2012/11/29/2
- http://www.securityfocus.com/bid/56723
- http://drupal.org/node/1842022Patch
- http://drupal.org/node/1842026Patch
- http://drupal.org/node/1853200PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2012/11/29/2
- http://www.securityfocus.com/bid/56723
FAQ
What is CVE-2012-5586?
CVE-2012-5586 is a vulnerability with a CVSS score of 2.1 (LOW). The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vect...
How severe is CVE-2012-5586?
CVE-2012-5586 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5586?
Check the references section above for vendor advisories and patch information. Affected products include: Marc Ingram Services, Drupal Drupal.