CVE-2016-3170: Information Exposure

April 12, 2016 (updated April 14, 2016)

The have you forgotten your password links in the User module in Drupal allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

References

www.drupal.org/SA-CORE-2016-001

Detect and mitigate CVE-2016-3170 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →