Access bypass in Drupal - CVE-2012-1590
Published: September 15, 2016 / Updated: March 14, 2017
Vulnerability identifier: #VU471
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-1590
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows a remote user to obtain meta-data about the forum post.
The weakness is caused by access control error and allows users not having access to information before to read forum post data.
Successful exploitation of the vulnerability lead to gaining access to forum post meta-data.
The weakness is caused by access control error and allows users not having access to information before to read forum post data.
Successful exploitation of the vulnerability lead to gaining access to forum post meta-data.