Description
The Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data. This vulnerability exposes actual user names, so defensive strategies to protect usernams (such as using aliases, or the RealName (http://drupal.org/project/realname) module) cannot protect against this exposure. This method is particularly useful for finding the Drupal super user account (id 1) and other accounts that might not be exposed anywhere on the public facing site.
Remediation
Apply the patch provided in the web reference section.
References
Related Vulnerabilities
CubeCart Session Fixation Vulnerability (CVE-2021-33394)
Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-16845)
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)
MySQL CVE-2024-21193 Vulnerability (CVE-2024-21193)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-1893)