Medium severity5.3NVD Advisory· Published Jan 9, 2020· Updated Jun 16, 2026
CVE-2012-2724
CVE-2012-2724
Description
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1
- Range: 6.x-1.x before 6.x-1.4
Patches
Vulnerability mechanics
References
10- drupal.org/node/1619812nvdThird Party Advisory
- drupal.org/node/1619818nvdThird Party Advisory
- drupal.org/node/1619820nvdThird Party Advisory
- drupal.org/node/1619848nvdThird Party Advisory
- drupalcode.org/project/simplenews.git/commitdiff/36352c1nvdPermissions RequiredThird Party Advisory
- drupalcode.org/project/simplenews.git/commitdiff/6d5704cnvdPermissions RequiredThird Party Advisory
- drupalcode.org/project/simplenews.git/commitdiff/faec6a6nvdPermissions RequiredThird Party Advisory
- www.openwall.com/lists/oss-security/2012/06/14/3nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/53839nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/76143nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.