Vulnerability Name: | CVE-2012-4483 (CCN-76878) | ||||||||
Assigned: | 2012-07-11 | ||||||||
Published: | 2012-07-11 | ||||||||
Updated: | 2012-11-13 | ||||||||
Summary: | The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: MITRE Type: CNA CVE-2012-4483 Source: MISC Type: UNKNOWN http://drupal.org/node/1679820 Source: CCN Type: SA-CONTRIB-2012-113 Drupal Commons - Access Bypass Source: CONFIRM Type: Patch http://drupal.org/node/1679908 Source: CCN Type: Drupal Commons module Web Site Drupal Commons | drupal.org Source: CONFIRM Type: Patch http://drupalcode.org/project/commons.git/commitdiff/8ef688b Source: CCN Type: SA49867 Drupal Commons Module Node Comments Security Bypass Security Issue Source: MLIST Type: UNKNOWN [oss-security] 20121004 CVE Request for Drupal Contributed Modules Source: MLIST Type: UNKNOWN [oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules Source: CCN Type: OSVDB ID: 83717 Commons Module for Drupal Recent Comment Listing Access Restriction Bypass Source: CCN Type: BID-54393 Drupal Drupal Commons Module Access Security Bypass Vulnerability Source: XF Type: UNKNOWN drupalcommons-unspecified-security-bypass(76878) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |