Required CVE Record Information
Description
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.
References 7 Total
- http://drupal.org/node/1515282
- http://drupal.org/node/1515114
- openwall.com: [oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) mailing-list
- openwall.com: [oss-security] 20120502 Re: CVE Request for Drupal contributed modules mailing-list
- http://drupal.org/node/1515120
- exchange.xforce.ibmcloud.com: janrain-drupalcontent-info-disclosure(74616) vdb-entry
- openwall.com: [oss-security] 20120502 CVE Request for Drupal contributed modules mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- http://drupal.org/node/1515282 x_transferred
- http://drupal.org/node/1515114 x_transferred
- openwall.com: [oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) mailing-listx_transferred
- openwall.com: [oss-security] 20120502 Re: CVE Request for Drupal contributed modules mailing-listx_transferred
- http://drupal.org/node/1515120 x_transferred
- exchange.xforce.ibmcloud.com: janrain-drupalcontent-info-disclosure(74616) vdb-entryx_transferred
- openwall.com: [oss-security] 20120502 CVE Request for Drupal contributed modules mailing-listx_transferred