Vulnerability CVE-2012-2730


Published: 2012-06-26   Modified: 2012-06-27

Description:
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.

See advisories in our WLB2 database:
Topic
Author
Date
High
Drupal Protected Node 6.x Access Bypass
Martin Barbella
14.06.2012

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Alexis wilke
Product: Protected node 
Version:
6.x-1.x
6.x-1.5
6.x-1.4
6.x-1.3
6.x-1.2
6.x-1.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://drupal.org/node/1632918
http://drupal.org/node/1258034
http://xforce.iss.net/xforce/xfdb/76291
http://www.securityfocus.com/bid/54001
http://www.osvdb.org/82984
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://secunia.com/advisories/49509

Copyright 2019, cxsecurity.com

 

Back to Top