Main Vulnerability Database SB2012100105

SB2012100105 - Access bypass in Drupal Drupal

Published: October 1, 2012 Updated: March 14, 2017

Security Bulletin ID SB2012100105

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Access bypass (CVE-ID: CVE-2012-2153)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerabiity allows a remote privileged user to get access to nodes from the list on site at admin/content.
The weakness exists due to access control error and leads to obtaining nodes of content administration.
Successful exploitation of the vulnerability allows user to acces content nodes.

Remediation

Install update from vendor's website.

References

https://www.drupal.org/SA-CORE-2012-002