CVE-2007-4436

Name of the Vulnerable Software and Affected Versions Drupal Project module versions prior to 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 Project issue tracking module versions prior to 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4

Description The issue allows remote attackers to obtain sensitive information through various means, including the Tracker Module and the Recent posts page, unspecified vectors to obtain project names, the statistics pages, and reading CVS project activity.

Recommendations For Drupal Project module versions prior to 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3, update to version 5.x-1.0 or later, 4.7.x-2.3 or later, and 4.7.x-1.3 or later. For Project issue tracking module versions prior to 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4, update to version 5.x-1.0 or later, 4.7.x-2.4 or later, and 4.7.x-1.4 or later.