Skip to main content

Drupal Notify Module Information Disclosure Security Issue

Last Update Date: 19 Aug 2014 10:17 Release Date: 19 Aug 2014 3952 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

 A security issue has been identified in the Notify module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.

The security issue is caused due to the module not properly verifying permissions when handling notification emails and can be exploited to disclose otherwise restricted information related to nodes.

Successful exploitation requires the site to use some form of access control and must be configured to include nodes with protected content in notifications.


Impact

  • Information Disclosure

System / Technologies affected

 

  • Notify 7.x-1.0.
  • Drupal core is not affected. 

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to Notify 7.x-1.1.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link