Lucene search

K
cve[email protected]CVE-2012-4500
HistoryOct 31, 2012 - 4:55 p.m.

CVE-2012-4500

2012-10-3116:55:03
CWE-264
web.nvd.nist.gov
22
cve-2012-4500
announcements module
drupal
remote authenticated users
node access restrictions
nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.1%

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the “access announcements” permission to bypass node access restrictions and possibly have other unspecified impact.

Affected configurations

NVD
Node
nancy_wichmannannouncementsMatch6.x-1.0
OR
nancy_wichmannannouncementsMatch6.x-1.0beta
OR
nancy_wichmannannouncementsMatch6.x-1.1
OR
nancy_wichmannannouncementsMatch6.x-1.2
OR
nancy_wichmannannouncementsMatch6.x-1.3
OR
nancy_wichmannannouncementsMatch6.x-1.4
OR
nancy_wichmannannouncementsMatch6.x-1.xdev
AND
drupaldrupalMatch-

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.1%

Related for CVE-2012-4500