CVE-2014-9154

Drupal Notify module <7.x-1.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2320741
Patch x_refsource_confirm
https://www.drupal.org/node/2320693

Scores

EPSS 0.0094
EPSS Percentile 56.6%

Details

CWE
CWE-200
Status published
Products (1)
notify_project/notify 7.x-1.0 (12 CPE variants)
Published Dec 01, 2014
Tracked Since Feb 18, 2026