GitHub Advisory DatabaseGHSA-96VX-QF28-6F8MDrupal Access Control Bypass
7.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.3%
Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
| CPE | Name | Operator | Version |
|---|---|---|---|
| drupal/core | lt | 7.3 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385
drupal.org/node/1204582
lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html
lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html
www.openwall.com/lists/oss-security/2011/07/11/2
www.openwall.com/lists/oss-security/2011/07/12/16
bugzilla.redhat.com/show_bug.cgi?id=717874
github.com/advisories/GHSA-96vx-qf28-6f8m
nvd.nist.gov/vuln/detail/CVE-2011-2687
web.archive.org/web/20110710024036/www.securityfocus.com/bid/48505
Related
7.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.3%