
Drupal Notify Module Information Disclosure Security Issue

Last Update Date: 19 Aug 2014 10:17
Release Date: 19 Aug 2014

RISK: Medium Risk

TYPE: Servers - Web Servers

A security issue has been identified in the Notify module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.

The security issue is caused by the module not properly verifying permissions when handling notification emails, and can be exploited to disclose otherwise restricted information related to nodes.

Successful exploitation requires that the site use some form of access control and be configured to include nodes with protected content in notifications.
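The flaw described above comes down to one missing step: deciding, per recipient, whether that account may view each node before the node goes into the email. The following Python model is an added example, not code from the Notify module or from this advisory; the Node and Account types, can_view and the sample data are constructed stand-ins for the site's access control.

```python
# Simplified model (added example): all names and data here are constructed,
# not taken from the Notify module's source.
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    nid: int
    title: str
    # Roles allowed to view the node; an empty set means the node is public.
    view_roles: frozenset = frozenset()


@dataclass(frozen=True)
class Account:
    mail: str
    roles: frozenset


def can_view(node: Node, account: Account) -> bool:
    """Stand-in for the site's access-control decision for one recipient."""
    return not node.view_roles or bool(node.view_roles & account.roles)


def build_digest_unchecked(nodes, account):
    """Flawed pattern: the same list of new nodes goes to every subscriber."""
    return [n.title for n in nodes]


def build_digest_checked(nodes, account):
    """Corrected pattern: evaluate access as the recipient, node by node."""
    return [n.title for n in nodes if can_view(n, account)]


def leaked_titles(nodes, account):
    """Titles the unchecked digest sends that this recipient may not view."""
    allowed = set(build_digest_checked(nodes, account))
    return [t for t in build_digest_unchecked(nodes, account) if t not in allowed]


# Constructed sample data.
NODES = [
    Node(1, "Public release notes"),
    Node(2, "Board minutes (restricted)", frozenset({"board"})),
]
SUBSCRIBER = Account("member@example.org", frozenset({"authenticated"}))
BOARD_MEMBER = Account("chair@example.org", frozenset({"authenticated", "board"}))
```

The same comparison, run against a test site's real notification output, is a quick regression check after upgrading: a digest for a low-privilege subscriber should contain nothing that account cannot open in the browser.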


Impact

  • Information Disclosure

System / Technologies affected

  • Notify 7.x-1.0.
  • Drupal core is not affected. 

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Upgrade to Notify 7.x-1.1.

Vulnerability Identifier

  • No CVE information is available
