CVE-2012-2296
Janrain Engage for Drupal 6.x/7.x < 2.2 - Sensitive Information Exposure
Title source: llmDescription
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
References (7)
Core 7
Core References
Patch x_refsource_confirm
http://drupal.org/node/1515114
Patch, Vendor Advisory x_refsource_misc
http://drupal.org/node/1515282
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/10/12
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/2
Patch x_refsource_confirm
http://drupal.org/node/1515120
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74616
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/03/1
Scores
EPSS
0.0156
EPSS Percentile
72.3%
Details
CWE
CWE-200
Status
published
Products (9)
janrain/rpx
6.x-1.0 beta1 (4 CPE variants)
janrain/rpx
6.x-1.1 rc2
janrain/rpx
6.x-1.2 (2 CPE variants)
janrain/rpx
6.x-1.3
janrain/rpx
6.x-1.4
janrain/rpx
6.x-2.1 (6 CPE variants)
janrain/rpx
7.x-2.0
janrain/rpx
7.x-2.1 (5 CPE variants)
janrain/rpx
7.x-2.x dev
Published
Jul 25, 2012
Tracked Since
Feb 18, 2026