Vulnerability Name: | CVE-2012-0827 (CCN-72929) | ||||||||
Assigned: | 2012-02-01 | ||||||||
Published: | 2012-02-01 | ||||||||
Updated: | 2013-10-29 | ||||||||
Summary: | The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N) 2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-0827 Source: CCN Type: Drupal Web Site Drupal - Open Source CMS | drupal.org Source: CCN Type: DRUPAL-SA-CORE-2012-001 Drupal core multiple vulnerabilities Source: CCN Type: SA47796 Drupal Security Issue and Security Bypass Vulnerability Source: CCN Type: BID-51822 Drupal Core Multiple Security Vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory https://drupal.org/node/1425084 Source: XF Type: UNKNOWN file-access-security-bypass(72929) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |