CVE-2012-5586

EUVD-2012-5473
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.1:x
marc_ingramservices
6.x-3.2:x
marc_ingramservices
6.x-3.x:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.1:x
marc_ingramservices
7.x-3.2:x
marc_ingramservices
7.x-3.3:x
marc_ingramservices
7.x-3.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1842022
http://drupal.org/node/1842026
http://drupal.org/node/1853200
http://www.openwall.com/lists/oss-security/2012/11/29/2
http://www.securityfocus.com/bid/56723
http://drupal.org/node/1842022
http://drupal.org/node/1842026
http://drupal.org/node/1853200
http://www.openwall.com/lists/oss-security/2012/11/29/2
http://www.securityfocus.com/bid/56723