Arbitrary Email Access Vulnerability in Drupal Services Module

CVE-2012-5586 · LOW Severity

AV:N/AC:H/AU:S/C:P/I:N/A:N

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource."
