|Description||The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||low (attack range: remote)|
|Debian Bugs||698333, 698334|
Vulnerable and fixed packages
The table below lists information on source packages.
|drupal7 (PTS)||jessie (security), jessie||7.32-1+deb8u12||fixed|
|stretch (security), stretch||7.52-2+deb9u4||fixed|
The information below is based on the following data on fixed versions.