Notify
Monthly
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.