CVE-2012-2724
MEDIUMSimplenews < 6.x-1.4/6.x-2.0-alpha4/7.x-1.0-rc1 - Sensitive Information Exposure
Title source: llmDescription
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
References (10)
Core 10
Core References
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619818
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619820
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619848
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2012/06/14/3
Third Party Advisory x_refsource_misc
http://drupal.org/node/1619812
Permissions Required, Third Party Advisory x_refsource_misc
http://drupalcode.org/project/simplenews.git/commitdiff/36352c1
Permissions Required, Third Party Advisory x_refsource_misc
http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c
Permissions Required, Third Party Advisory x_refsource_misc
http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/53839
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/76143
Scores
CVSS v3
5.3
EPSS
0.0245
EPSS Percentile
82.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (7)
md-systems/simplenews
6.x-1.0 (12 CPE variants)
md-systems/simplenews
6.x-1.1
md-systems/simplenews
6.x-1.2
md-systems/simplenews
6.x-1.3
md-systems/simplenews
6.x-2.0 alpha1 (3 CPE variants)
md-systems/simplenews
6.x-2.x dev
md-systems/simplenews
7.x-1.0 (5 CPE variants)
Published
Jan 09, 2020
Tracked Since
Feb 18, 2026