Information Disclosure Vulnerability in Drupal Project Module and Issue Tracking Module
CVE-2007-4436

Currently unrated

Key Information:

Vendor: Drupal
Status: Project Issue Tracking Module; Project
Vendor: CVE Published:; 20 August 2007

What is CVE-2007-4436?

The Drupal Project and Issue Tracking Modules prior to specified versions do not properly enforce permissions, allowing remote attackers to exploit vulnerabilities that lead to unauthorized access to sensitive information. This includes potential exposure of project names, statistics pages, and CVS project activities, thus posing a risk of information disclosure.

References

http://www.securityfocus.com/bid/25364

vdb-entryx_refsource_BID

http://secunia.com/advisories/26510

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/39632

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2007
Vulnerability Reserved
Aug 20, 2007