← back
CVE-2012-5586

CVE-2012-5586

EPSS 1.0%
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://drupal.org/node/1842022http://drupal.org/node/1842026http://drupal.org/node/1853200http://www.openwall.com/lists/oss-security/2012/11/29/2http://www.securityfocus.com/bid/56723