Vigil@nce - Drupal Commerce: email address disclosure
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read some email addresses of Drupal Commerce, in
order to obtain sensitive information.
Impacted products: Drupal Modules
Severity: 1/4
Creation date: 11/09/2014
DESCRIPTION OF THE VULNERABILITY
The Commerce module can be installed on Drupal.
Users can have their email address in the field for their name.
However, this field is public.
An attacker can therefore read some email addresses of Drupal
Commerce, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Commerce-email-address-disclosure-15336