CVE-2009-3568 Information

Description

Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2 a module for Drupal does not properly enforce permissions when a link is added to the RSS feed which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.

Reference

http://drupal.org/node/579280 http://drupal.org/node/579290 http://drupal.org/node/579292 http://secunia.com/advisories/36787 http://www.osvdb.org/58177 http://www.securityfocus.com/bid/36429