SB2013010301 - Access bypass in Drupal Drupal
Published: January 3, 2013 Updated: September 15, 2016
Security Bulletin ID
SB2013010301
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Access bypass (CVE-ID: CVE-2012-5651)
The vulnerability allows a remote user to get access to valid user's search results.The weakness exists due to access control error and allows to see the blocked users in search results reguardless user's priveleges.
Successful exploitation of the vulnerability results in appearing of blocked users in search results.
Remediation
Install update from vendor's website.