CVE-2012-2724

MEDIUM

Simplenews < 6.x-1.4/6.x-2.0-alpha4/7.x-1.0-rc1 - Sensitive Information Exposure

Title source: llm
STIX 2.1

Description

The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.

References (10)

Core 10
Core References
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619818
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619820
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619848
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/06/14/3
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619812
Permissions Required, Third Party Advisory x_refsource_misc
http://drupalcode.org/project/simplenews.git/commitdiff/36352c1
Permissions Required, Third Party Advisory x_refsource_misc
http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c
Permissions Required, Third Party Advisory x_refsource_misc
http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/53839
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/76143

Scores

CVSS v3 5.3
EPSS 0.0245
EPSS Percentile 82.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (7)
md-systems/simplenews 6.x-1.0 (12 CPE variants)
md-systems/simplenews 6.x-1.1
md-systems/simplenews 6.x-1.2
md-systems/simplenews 6.x-1.3
md-systems/simplenews 6.x-2.0 alpha1 (3 CPE variants)
md-systems/simplenews 6.x-2.x dev
md-systems/simplenews 7.x-1.0 (5 CPE variants)
Published Jan 09, 2020
Tracked Since Feb 18, 2026