{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-01T16:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.drupal.org/node/2320741"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/node/2320693"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9154", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.drupal.org/node/2320741", "refsource": "MISC", "url": "https://www.drupal.org/node/2320741"}, {"name": "https://www.drupal.org/node/2320693", "refsource": "CONFIRM", "url": "https://www.drupal.org/node/2320693"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:33:13.648Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.drupal.org/node/2320741"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/node/2320693"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9154", "datePublished": "2014-12-01T16:00:00.000Z", "dateReserved": "2014-12-01T00:00:00.000Z", "dateUpdated": "2024-09-17T03:44:05.984Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:*:*:*:*:drupal:*:*", "matchCriteriaId": "5C161390-DDDC-42CE-BAB8-38B8F9C3119B", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha1:*:*:*:drupal:*:*", "matchCriteriaId": "F7E3F98C-EFF7-427B-BBBE-D8B331BF5D6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha2:*:*:*:drupal:*:*", "matchCriteriaId": "C97DC798-65FE-4F5D-B3F2-AC53696ED63C", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha3:*:*:*:drupal:*:*", "matchCriteriaId": "A52072C4-937D-417F-86C7-793DC2EE71C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha4:*:*:*:drupal:*:*", "matchCriteriaId": "0C5ADB6E-58B1-4C3B-BE55-161AB99AE4AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha5:*:*:*:drupal:*:*", "matchCriteriaId": "06A87070-F6B8-463D-B778-919AC40B52A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha6:*:*:*:drupal:*:*", "matchCriteriaId": "131B3F2F-6DE4-4625-807E-69F706693498", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha7:*:*:*:drupal:*:*", "matchCriteriaId": "118B1E0F-8932-4B25-A0FE-F8F2033B90D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha8:*:*:*:drupal:*:*", "matchCriteriaId": "00EDCA57-477D-48C0-8304-29A932141C94", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:alpha9:*:*:*:drupal:*:*", "matchCriteriaId": "11C71591-862B-40A5-AF5E-88348D92E00F", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:rc1:*:*:*:drupal:*:*", "matchCriteriaId": "7F6A7C22-49D1-411B-96BA-CCF03F1396FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:notify_project:notify:7.x-1.0:rc2:*:*:*:drupal:*:*", "matchCriteriaId": "9F0F47FE-099B-456D-A460-EB5D5A2C4400", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email."}, {"lang": "es", "value": "El m\u00f3dulo Notify 7.x-1.x anterior a 7.x-1.1 para Drupal no restringe correctamente el acceso a (1) nodos nuevos o (2) modificados o (3) sus campos, lo que permite a usuarios remotos autenticados obtener los t\u00edtulos, teasers y campos de nodos mediante la lectura de un email de notificaci\u00f3n."}], "id": "CVE-2014-9154", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-01T16:59:05.067", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.drupal.org/node/2320693"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/node/2320741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.drupal.org/node/2320693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/node/2320741"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}