CVE-2012-5586

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.0:x
marc_ingramservices
6.x-3.1:x
marc_ingramservices
6.x-3.2:x
marc_ingramservices
6.x-3.x:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.0:x
marc_ingramservices
7.x-3.1:x
marc_ingramservices
7.x-3.2:x
marc_ingramservices
7.x-3.3:x
marc_ingramservices
7.x-3.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1842022
http://drupal.org/node/1842026
http://drupal.org/node/1853200
http://www.openwall.com/lists/oss-security/2012/11/29/2
http://www.securityfocus.com/bid/56723
http://drupal.org/node/1842022
http://drupal.org/node/1842026
http://drupal.org/node/1853200
http://www.openwall.com/lists/oss-security/2012/11/29/2
http://www.securityfocus.com/bid/56723