PT-2012-6036 · Drupal · Services
Forest Monsen
·
Publicado
2012-12-26
·
Atualizado
2013-02-26
·
CVE-2012-5586
CVSS v2.0
2.1
Baixa
| Vetor | AV:N/AC:H/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Services module versions 6.x-3.x before 6.x-3.3
Services module versions 7.x-3.x before 7.x-3.3
Description
The issue allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the
user index method and the path to the user resource.Recommendations
For Services module versions 6.x-3.x before 6.x-3.3, update to version 6.x-3.3 or later.
For Services module versions 7.x-3.x before 7.x-3.3, update to version 7.x-3.3 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Services