PT-2020-7210 · Drupal · Simplenews
Published: 2020-01-09 · Updated: 2020-01-28
CVE-2012-2724
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Simplenews module versions 6.x-1.x through 6.x-1.3
Simplenews module versions 6.x-2.x through 6.x-2.0-alpha3
Simplenews module versions 7.x-1.x through 7.x-1.0-rc0
Description
When subscription confirmation is required, the issue allows remote attackers to obtain sensitive information, specifically the email addresses of new mailing list subscribers, via the confirmation page.
Recommendations
For Simplenews module versions 6.x-1.x through 6.x-1.3, update to version 6.x-1.4 or later.
For Simplenews module versions 6.x-2.x through 6.x-2.0-alpha3, update to version 6.x-2.0-alpha4 or later.
For Simplenews module versions 7.x-1.x through 7.x-1.0-rc0, update to version 7.x-1.0-rc1 or later.
Fix
Information Disclosure
Affected Products
Simplenews