Lucene search
HistoryAug 14, 2012 - 10:55 p.m.
CVE-2012-2304
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.007
Percentile
79.8%
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
Affected configurations
Node
emil_stjernemanlinkitMatch7.x-2.0
ORemil_stjernemanlinkitMatch7.x-2.0beta1
ORemil_stjernemanlinkitMatch7.x-2.0beta2
ORemil_stjernemanlinkitMatch7.x-2.1
ORemil_stjernemanlinkitMatch7.x-2.2
ORemil_stjernemanlinkitMatch7.x-2.3
drupaldrupalMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emil_stjerneman | linkit | 7.x-2.0 | cpe:2.3:a:emil_stjerneman:linkit:7.x-2.0:*:*:*:*:*:*:* |
| emil_stjerneman | linkit | 7.x-2.0 | cpe:2.3:a:emil_stjerneman:linkit:7.x-2.0:beta1:*:*:*:*:*:* |
| emil_stjerneman | linkit | 7.x-2.0 | cpe:2.3:a:emil_stjerneman:linkit:7.x-2.0:beta2:*:*:*:*:*:* |
| emil_stjerneman | linkit | 7.x-2.1 | cpe:2.3:a:emil_stjerneman:linkit:7.x-2.1:*:*:*:*:*:*:* |
| emil_stjerneman | linkit | 7.x-2.2 | cpe:2.3:a:emil_stjerneman:linkit:7.x-2.2:*:*:*:*:*:*:* |
| emil_stjerneman | linkit | 7.x-2.3 | cpe:2.3:a:emil_stjerneman:linkit:7.x-2.3:*:*:*:*:*:*:* |
| drupal | drupal | - | cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2012-08-14 22:55:00
cvelist
cvelist
CVE-2012-2304
2012-08-14 22:00:00
cve
cve
CVE-2012-2304
2012-08-14 22:55:02
drupal
drupal
SA-CONTRIB-2012-067 - Linkit - Access bypass
2012-04-25 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.007
Percentile
79.8%
Related for NVD:CVE-2012-2304