CVE-2012-5586

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the access user profiles permission to access arbitrary users emails via vectors related to the user index method and the path to the user resource.

Affected Software

Name	Vendor	Start Version	End Version
Services	Marc_ingram	6.x-3.0 (including)	6.x-3.0 (including)
Services	Marc_ingram	6.x-3.0-alpha1 (including)	6.x-3.0-alpha1 (including)
Services	Marc_ingram	6.x-3.0-beta1 (including)	6.x-3.0-beta1 (including)
Services	Marc_ingram	6.x-3.0-beta2 (including)	6.x-3.0-beta2 (including)
Services	Marc_ingram	6.x-3.0-rc1 (including)	6.x-3.0-rc1 (including)
Services	Marc_ingram	6.x-3.0-rc2 (including)	6.x-3.0-rc2 (including)
Services	Marc_ingram	6.x-3.0-rc3 (including)	6.x-3.0-rc3 (including)
Services	Marc_ingram	6.x-3.0-rc4 (including)	6.x-3.0-rc4 (including)
Services	Marc_ingram	6.x-3.0-unstable1 (including)	6.x-3.0-unstable1 (including)
Services	Marc_ingram	6.x-3.0-unstable2 (including)	6.x-3.0-unstable2 (including)
Services	Marc_ingram	6.x-3.0-unstable3 (including)	6.x-3.0-unstable3 (including)
Services	Marc_ingram	6.x-3.1 (including)	6.x-3.1 (including)
Services	Marc_ingram	6.x-3.2 (including)	6.x-3.2 (including)
Services	Marc_ingram	6.x-3.x-dev (including)	6.x-3.x-dev (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5586
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References