CVE-2012-5586

{"id": "CVE-2012-5586", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-26T17:55:02.190", "references": [{"url": "http://drupal.org/node/1842022", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1842026", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1853200", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/11/29/2", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/56723", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the \"access user profiles\" permission to access arbitrary users' emails via vectors related to the \"user index method\" and \"the path to the user resource.\""}, {"lang": "es", "value": "El m\u00f3dulo Services v6.x-3.x antes de v6.x-3.3 y v7.x-3.x antes de v7.x-3.3 para Drupal permite a usuarios remotos autenticados con el permiso de \"acceso a perfiles de usuario\" para acceder a correos electr\u00f3nicos de usuarios de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"m\u00e9todo del \u00edndice de usuario\" y \"la ruta de acceso al recurso de usuario\".\r\n"}], "lastModified": "2013-02-26T04:52:04.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8709726B-3CC9-4149-8FFA-57ACB47E1232"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F8D4108-3D6C-4443-A27E-A0853A5398B5"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E59520DC-4B1D-4C78-846F-4A7E092C0B04"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FF092C-EC93-4371-820B-3A25C0BEF666"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3149C6F6-9C91-4A8E-BEC0-B476D9B3CF1E"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB1E5589-AD4C-4535-B4E2-12665B8A6C45"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8705011-0A2A-43CD-8FA8-D09DE0DFB586"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68E4D950-4F4E-4323-B18B-EEFCDB8F5D54"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F75AD2A4-8CFB-4598-9D7B-C311731C49C8"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21599548-D154-4AC6-9700-2AD02281B097"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.0:unstable3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "990E06E3-3164-4A83-AAC0-64E39B02BD65"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D9B12B8-1A47-48CD-9439-842EC59C8560"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA3972A6-A0CC-4F61-A6FF-D0B8B5139559"}, {"criteria": "cpe:2.3:a:marc_ingram:services:6.x-3.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF42B77-B1EB-4B06-941C-FC414568E0BC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0401AB3-8CD3-4191-BD67-FDEF8AC389E7"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F3E689-9099-4B52-A521-C9933CEC3A83"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF87F785-B660-4471-8525-8C38E4B1ED0D"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92E55B94-035B-4C95-844A-994FC9098DA8"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F178FBC3-11A0-4341-B930-7FD45F2E9391"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC242C4-3283-4D6D-B69F-869E971D2102"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A2F122-6D2C-42BC-8DA5-BBD19CE5FC5A"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57C52124-9EF2-448B-B768-A9CAAAF4F9A6"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.0:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35055934-F01E-44DF-906B-B0B23BDBE9EA"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82C2C7C6-AE59-4BCF-8296-591D6DBFD907"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "840E97FC-3BA3-43C9-AB0B-49267D75F529"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41060BF1-EFD1-449D-8D41-C6B898058DFE"}, {"criteria": "cpe:2.3:a:marc_ingram:services:7.x-3.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32EBEE31-40E3-40A2-8FCB-EF726A1451EA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}