Lucene search
HistoryJul 18, 2012 - 6:55 p.m.
CVE-2012-2303
cve-2012-2303
drupal
spaces module
remote attackers
sensitive information
nvd
6.6 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.0%
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
Affected configurations
Node
florian_weberspacesMatch6.x-3.0
ORflorian_weberspacesMatch6.x-3.0alpha1
ORflorian_weberspacesMatch6.x-3.0alpha2
ORflorian_weberspacesMatch6.x-3.0beta1
ORflorian_weberspacesMatch6.x-3.0beta2
ORflorian_weberspacesMatch6.x-3.0beta3
ORflorian_weberspacesMatch6.x-3.0beta4
ORflorian_weberspacesMatch6.x-3.0beta5
ORflorian_weberspacesMatch6.x-3.0beta6
ORflorian_weberspacesMatch6.x-3.0r1
ORflorian_weberspacesMatch6.x-3.0r2
ORflorian_weberspacesMatch6.x-3.1
ORflorian_weberspacesMatch6.x-3.2
ORflorian_weberspacesMatch6.x-3.3
drupaldrupalMatch-
Related
nvd
nvd
CVE-2012-2303
2012-07-18 18:55:03
cvelist
cvelist
CVE-2012-2303
2012-07-18 18:00:00
prion
prion
Information disclosure
2012-07-18 18:55:00
drupal
drupal
SA-CONTRIB-2012-066 - Spaces and Spaces OG - Access Bypass
2012-04-25 00:00:00
6.6 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.0%
Related for CVE-2012-2303