The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-01T16:00:00Z
Updated: 2024-09-17T03:44:05.984Z
Reserved: 2014-12-01T00:00:00Z
Link: CVE-2014-9154
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-12-01T16:59:05.067
Modified: 2014-12-05T16:32:24.930
Link: CVE-2014-9154
Redhat
No data.