The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the view own orders permission to obtain sensitive information via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubercart | Ubercart | 7.x-3.0 (including) | 7.x-3.0 (including) |
| Ubercart | Ubercart | 7.x-3.0-alpha1 (including) | 7.x-3.0-alpha1 (including) |
| Ubercart | Ubercart | 7.x-3.0-alpha2 (including) | 7.x-3.0-alpha2 (including) |
| Ubercart | Ubercart | 7.x-3.0-alpha3 (including) | 7.x-3.0-alpha3 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta1 (including) | 7.x-3.0-beta1 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta2 (including) | 7.x-3.0-beta2 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta3 (including) | 7.x-3.0-beta3 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta4 (including) | 7.x-3.0-beta4 (including) |
| Ubercart | Ubercart | 7.x-3.0-rc1 (including) | 7.x-3.0-rc1 (including) |
| Ubercart | Ubercart | 7.x-3.0-rc2 (including) | 7.x-3.0-rc2 (including) |
| Ubercart | Ubercart | 7.x-3.0-rc3 (including) | 7.x-3.0-rc3 (including) |
| Ubercart | Ubercart | 7.x-3.0-rc4 (including) | 7.x-3.0-rc4 (including) |
| Ubercart | Ubercart | 7.x-3.1 (including) | 7.x-3.1 (including) |
| Ubercart | Ubercart | 7.x-3.2 (including) | 7.x-3.2 (including) |
| Ubercart | Ubercart | 7.x-3.3 (including) | 7.x-3.3 (including) |
| Ubercart | Ubercart | 7.x-3.4 (including) | 7.x-3.4 (including) |
| Ubercart | Ubercart | 7.x-3.5 (including) | 7.x-3.5 (including) |
| Ubercart | Ubercart | 7.x-3.6 (including) | 7.x-3.6 (including) |
| Ubercart | Ubercart | 7.x-3.7 (including) | 7.x-3.7 (including) |
| Ubercart | Ubercart | 7.x-3.x-dev (including) | 7.x-3.x-dev (including) |