CVE-2014-9154

EUVD-2014-8979
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
notify_projectnotify
7.x-1.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.drupal.org/node/2320693
https://www.drupal.org/node/2320741
https://www.drupal.org/node/2320693
https://www.drupal.org/node/2320741