← back
CVE-2012-2724

CVE-2012-2724

EPSS 2.5%
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Affected products
Simplenews · Simplenews

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupalcode.org/project/simplenews.git/commitdiff/36352c1http://drupalcode.org/project/simplenews.git/commitdiff/6d5704chttp://drupalcode.org/project/simplenews.git/commitdiff/faec6a6http://drupal.org/node/1619812http://drupal.org/node/1619818http://drupal.org/node/1619820http://drupal.org/node/1619848https://exchange.xforce.ibmcloud.com/vulnerabilities/76143http://www.openwall.com/lists/oss-security/2012/06/14/3http://www.securityfocus.com/bid/53839