Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-1635

Опубликовано: 28 авг. 2012
Источник: nvd
CVSS2: 6.4
EPSS Низкий

Описание

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha5:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta10:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta11:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta6:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta8:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta9:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:*:*:*:*:*:*:*
cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%
0.00152
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-9gm4-526j-24wq

github
около 3 лет назад

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

EPSS

Процентиль: 37%
0.00152
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264