Lucene search

K
cvelistRedhatCVELIST:CVE-2012-1635
HistoryAug 28, 2012 - 4:00 p.m.

CVE-2012-1635

2012-08-2816:00:00
redhat
www.cve.org
6
drupal
revisioning module
access restrictions
remote attackers
cve-2012-1635

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

64.6%

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

64.6%

Related for CVELIST:CVE-2012-1635