NVD

Id
35914  
Name
CVE-2014-9154  
Description
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-12-01  
Modified Date
2014-12-05  
Seq
2014-9154  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
183858 35914 CVE-2014-9154 https://www.drupal.org/node/2320693  View
183859 35914 CVE-2014-9154 https://www.drupal.org/node/2320741  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16843 JVNDB-2014-005718 Drupal 用 Notify モジュールにおけるノードのタイトルを取得される脆弱性 Drupal 用 Notify モジュールは、(1) new または (2) modified node または (3) their field を適切に制限しないため、ノードのタイトル、teaser、および field を取得される脆弱性が存在します。 CVE-2014-9154 76447 CVE-2014-9154 35914 4 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005718.html 2014-08-13 2014-12-02 View