VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 1, 2014· Updated May 6, 2026

CVE-2014-9154

CVE-2014-9154

Description

The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titles, teasers, and fields by reading a notification email.

Affected products

12
  • Notify Project/Notify12 versions
    cpe:2.3:a:notify_project:notify:7.x-1.0:alpha1:*:*:*:drupal:*:*+ 11 more
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha1:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha2:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha3:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha4:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha5:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha6:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha7:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha8:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:alpha9:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:rc1:*:*:*:drupal:*:*
    • cpe:2.3:a:notify_project:notify:7.x-1.0:rc2:*:*:*:drupal:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.