Lucene search

[email protected]CVE-2012-1635

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-1635

2022-10-0316:15:25

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-1635

drupal

security vulnerability

access control

remote attack

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.0%

JSON

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

Affected configurations

NVD

Node

rik_de_boerrevisioningMatch7.x-1.0

rik_de_boerrevisioningMatch7.x-1.0alpha1

rik_de_boerrevisioningMatch7.x-1.0alpha2

rik_de_boerrevisioningMatch7.x-1.0alpha3

rik_de_boerrevisioningMatch7.x-1.0alpha4

rik_de_boerrevisioningMatch7.x-1.0alpha5

rik_de_boerrevisioningMatch7.x-1.0beta1

rik_de_boerrevisioningMatch7.x-1.0beta10

rik_de_boerrevisioningMatch7.x-1.0beta11

rik_de_boerrevisioningMatch7.x-1.0beta2

rik_de_boerrevisioningMatch7.x-1.0beta3

rik_de_boerrevisioningMatch7.x-1.0beta4

rik_de_boerrevisioningMatch7.x-1.0beta5

rik_de_boerrevisioningMatch7.x-1.0beta6

rik_de_boerrevisioningMatch7.x-1.0beta7

rik_de_boerrevisioningMatch7.x-1.0beta8

rik_de_boerrevisioningMatch7.x-1.0beta9

rik_de_boerrevisioningMatch7.x-1.1

rik_de_boerrevisioningMatch7.x-1.2

rik_de_boerrevisioningMatch7.x-1.x

rik_de_boerrevisioningMatch7.x-1.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
rik_de_boer:revisioningrik de boer revisioningeq7.x-1.0
rik_de_boer:revisioningrik de boer revisioningeq7.x-1.1
rik_de_boer:revisioningrik de boer revisioningeq7.x-1.2
rik_de_boer:revisioningrik de boer revisioningeq7.x-1.x

CPE	Name	Operator	Version
rik_de_boer:revisioning	rik de boer revisioning	eq	7.x-1.0
rik_de_boer:revisioning	rik de boer revisioning	eq	7.x-1.1
rik_de_boer:revisioning	rik de boer revisioning	eq	7.x-1.2
rik_de_boer:revisioning	rik de boer revisioning	eq	7.x-1.x

References

drupal.org/node/1407456

www.openwall.com/lists/oss-security/2012/04/07/1

drupal.org/node/1409268

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2012-1635

prion1 cvelist1 nvd1 drupal1