Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-4486
cve
2012
4486
cross-site request forgery
csrf
vulnerability
subuser module
drupal
hijack
authentication
remote attackers
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.0%
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
Affected configurations
Node
boombatowersubuserRange≤6.x-1.7
ORboombatowersubuserMatch6.x-1.0
ORboombatowersubuserMatch6.x-1.1
ORboombatowersubuserMatch6.x-1.2
ORboombatowersubuserMatch6.x-1.3
ORboombatowersubuserMatch6.x-1.4
ORboombatowersubuserMatch6.x-1.5
ORboombatowersubuserMatch6.x-1.6
ORboombatowersubuserMatch6.x-1.xdev
drupaldrupalMatch-
Related
nvd
nvd
CVE-2012-4486
2012-11-02 15:55:01
cvelist
cvelist
CVE-2012-4486
2022-10-03 16:15:32
prion
prion
Cross site request forgery (csrf)
2012-11-02 15:55:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.0%
Related for CVE-2012-4486