CVE-2012-5586

Published Dec 26, 2012

Last updated 3 months ago

CVSS info 2.1

Overview

Description: The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8709726B-3CC9-4149-8FFA-57ACB47E1232"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F8D4108-3D6C-4443-A27E-A0853A5398B5"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E59520DC-4B1D-4C78-846F-4A7E092C0B04"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0FF092C-EC93-4371-820B-3A25C0BEF666"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3149C6F6-9C91-4A8E-BEC0-B476D9B3CF1E"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB1E5589-AD4C-4535-B4E2-12665B8A6C45"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8705011-0A2A-43CD-8FA8-D09DE0DFB586"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68E4D950-4F4E-4323-B18B-EEFCDB8F5D54"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F75AD2A4-8CFB-4598-9D7B-C311731C49C8"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21599548-D154-4AC6-9700-2AD02281B097"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "990E06E3-3164-4A83-AAC0-64E39B02BD65"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D9B12B8-1A47-48CD-9439-842EC59C8560"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA3972A6-A0CC-4F61-A6FF-D0B8B5139559"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AF42B77-B1EB-4B06-941C-FC414568E0BC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0401AB3-8CD3-4191-BD67-FDEF8AC389E7"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8F3E689-9099-4B52-A521-C9933CEC3A83"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF87F785-B660-4471-8525-8C38E4B1ED0D"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92E55B94-035B-4C95-844A-994FC9098DA8"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F178FBC3-11A0-4341-B930-7FD45F2E9391"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFC242C4-3283-4D6D-B69F-869E971D2102"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1A2F122-6D2C-42BC-8DA5-BBD19CE5FC5A"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57C52124-9EF2-448B-B768-A9CAAAF4F9A6"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35055934-F01E-44DF-906B-B0B23BDBE9EA"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82C2C7C6-AE59-4BCF-8296-591D6DBFD907"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "840E97FC-3BA3-43C9-AB0B-49267D75F529"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41060BF1-EFD1-449D-8D41-C6B898058DFE"
          },
          {
            "criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32EBEE31-40E3-40A2-8FCB-EF726A1451EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References