Description
The Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data. This vulnerability exposes actual user names, so defensive strategies to protect usernams (such as using aliases, or the RealName (http://drupal.org/project/realname) module) cannot protect against this exposure. This method is particularly useful for finding the Drupal super user account (id 1) and other accounts that might not be exposed anywhere on the public facing site.
Remediation
Apply the patch provided in the web reference section.
References
Related Vulnerabilities
OpenSSL Resource Management Errors Vulnerability (CVE-2016-6308)
MySQL CVE-2016-0596 Vulnerability (CVE-2016-0596)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10202)
MySQL CVE-2021-2087 Vulnerability (CVE-2021-2087)
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)