Description
The Views module contains an information disclosure vulnerability due to the fact that it allows access to user profile data. This vulnerability exposes actual user names, so defensive strategies to protect usernams (such as using aliases, or the RealName (http://drupal.org/project/realname) module) cannot protect against this exposure. This method is particularly useful for finding the Drupal super user account (id 1) and other accounts that might not be exposed anywhere on the public facing site.
Remediation
Apply the patch provided in the web reference section.
References
Related Vulnerabilities
PHP Use After Free Vulnerability (CVE-2014-3622)
Oracle Application Server CVE-2006-3714 Vulnerability (CVE-2006-3714)
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)
MySQL CVE-2014-4214 Vulnerability (CVE-2014-4214)
Atlassian Jira Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-39127)