WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3170)

Description

The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress Books Gallery Unspecified Vulnerability (4.4.1)

Drupal Core 5.x Local File Inclusion (5.0 - 5.11)

GlassFish CVE-2012-0104 Vulnerability (CVE-2012-0104)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-43169)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5479)

Severity

Medium

Classification

CVE-2016-3170 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities