The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields.
References
Link | Resource |
---|---|
http://drupal.org/node/1903264 | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2013/02/05/1 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-03-27 14:55
Updated : 2013-03-27 21:00
NVD link : CVE-2013-0257
Mitre link : CVE-2013-0257
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
david_alkire
- email2image
drupal
- drupal