Vigil@nce - Drupal Notify: information disclosure via e-mail
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker may receive by e-mail from Drupal Notify article
summaries that he should not know.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 14/08/2014
DESCRIPTION OF THE VULNERABILITY
The Notify module can be installed on Drupal.
However, the module do not rightly check access rights to
articles, it send notifications about.
An attacker may therefore receive by e-mail from Drupal Notify
article summaries that he should not know.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Notify-information-disclosure-via-e-mail-15181