PT-2012-3930 · Janrain+1 · Janrain Engage+1

Greg Knaddison

Published

2012-07-25

Updated

2017-08-29

CVE-2012-2296

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Janrain Engage module for Drupal versions 6.x-1.x, 6.x-2.x before 6.x-2.2, 7.x-2.x before 7.x-2.2

Description The issue allows remote attackers to potentially obtain sensitive information by leveraging a separate vulnerability, as the Janrain Engage module stores user profile data from Engage in session tables.

Recommendations For versions 6.x-1.x, update to a version with the necessary security fixes. For versions 6.x-2.x before 6.x-2.2, update to version 6.x-2.2 or later. For versions 7.x-2.x before 7.x-2.2, update to version 7.x-2.2 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-2296

Affected Products

Drupal

Janrain Engage

PT-2012-3930 · Janrain+1 · Janrain Engage+1

CVE-2012-2296

Weakness Enumeration

Related Identifiers

Affected Products

References · 8