CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
74.9%
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.
Vendor | Product | Version | CPE |
---|---|---|---|
acquia | commons | 6.x-2.4 | cpe:2.3:a:acquia:commons:6.x-2.4:*:*:*:*:*:*:* |
acquia | commons | 6.x-2.5 | cpe:2.3:a:acquia:commons:6.x-2.5:*:*:*:*:*:*:* |
acquia | commons | 6.x-2.6 | cpe:2.3:a:acquia:commons:6.x-2.6:*:*:*:*:*:*:* |
acquia | commons | 6.x-2.7 | cpe:2.3:a:acquia:commons:6.x-2.7:*:*:*:*:*:*:* |
acquia | commons | 6.x-2.x | cpe:2.3:a:acquia:commons:6.x-2.x:dev:*:*:*:*:*:* |
drupal | drupal | - | cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:* |