Description

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Remediation

References

CVE-2012-1590

Related Vulnerabilities

Oracle Application Server CVE-2007-5516 Vulnerability (CVE-2007-5516)

IBMHttpServer Other Vulnerability (CVE-2004-0263)

MySQL CVE-2016-0596 Vulnerability (CVE-2016-0596)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000362)

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

Severity

Medium

Classification

CVE-2012-1590 CWE-264

Tags

Missing Update Known Vulnerabilities