CVE-2012-1590 Information

Description

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Reference

http://drupal.org/drupal-7.14 http://drupal.org/node/1302404 http://drupal.org/node/1557938 http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5 http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.securityfocus.com/bid/53359