Lucene search

[email protected]NVD:CVE-2012-5589

HistoryDec 26, 2012 - 5:55 p.m.

CVE-2012-5589

2012-12-2617:55:02

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

49.0%

JSON

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.

Affected configurations

Nvd

Node

netgeniusmultilinkMatch6.x-2.0

netgeniusmultilinkMatch6.x-2.1

netgeniusmultilinkMatch6.x-2.2

netgeniusmultilinkMatch6.x-2.3

netgeniusmultilinkMatch6.x-2.4

netgeniusmultilinkMatch6.x-2.5

netgeniusmultilinkMatch6.x-2.6

AND

drupaldrupalMatch-

Node

netgeniusmultilinkMatch7.x-2.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
netgeniusmultilink6.x-2.0cpe:2.3:a:netgenius:multilink:6.x-2.0:*:*:*:*:*:*:*
netgeniusmultilink6.x-2.1cpe:2.3:a:netgenius:multilink:6.x-2.1:*:*:*:*:*:*:*
netgeniusmultilink6.x-2.2cpe:2.3:a:netgenius:multilink:6.x-2.2:*:*:*:*:*:*:*
netgeniusmultilink6.x-2.3cpe:2.3:a:netgenius:multilink:6.x-2.3:*:*:*:*:*:*:*
netgeniusmultilink6.x-2.4cpe:2.3:a:netgenius:multilink:6.x-2.4:*:*:*:*:*:*:*
netgeniusmultilink6.x-2.5cpe:2.3:a:netgenius:multilink:6.x-2.5:*:*:*:*:*:*:*
netgeniusmultilink6.x-2.6cpe:2.3:a:netgenius:multilink:6.x-2.6:*:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
netgeniusmultilink7.x-2.xcpe:2.3:a:netgenius:multilink:7.x-2.x:dev:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgenius	multilink	6.x-2.0	cpe:2.3:a:netgenius:multilink:6.x-2.0:::::::*
netgenius	multilink	6.x-2.1	cpe:2.3:a:netgenius:multilink:6.x-2.1:::::::*
netgenius	multilink	6.x-2.2	cpe:2.3:a:netgenius:multilink:6.x-2.2:::::::*
netgenius	multilink	6.x-2.3	cpe:2.3:a:netgenius:multilink:6.x-2.3:::::::*
netgenius	multilink	6.x-2.4	cpe:2.3:a:netgenius:multilink:6.x-2.4:::::::*
netgenius	multilink	6.x-2.5	cpe:2.3:a:netgenius:multilink:6.x-2.5:::::::*
netgenius	multilink	6.x-2.6	cpe:2.3:a:netgenius:multilink:6.x-2.6:::::::*
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*
netgenius	multilink	7.x-2.x	cpe:2.3:a:netgenius:multilink:7.x-2.x:dev::::::

References

drupal.org/node/1289292

drupal.org/node/1289294

drupal.org/node/1853244

www.openwall.com/lists/oss-security/2012/11/29/2

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

49.0%

JSON

Related for NVD:CVE-2012-5589

drupal1 cvelist1 cve1 prion1