4
CVE-2012-1590
- EPSS 1.37%
- Veröffentlicht 01.10.2012 00:55:00
- Zuletzt bearbeitet 16.06.2026 23:39:49
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.37% | 0.682 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
http://drupal.org/node/1557938
http://secunia.com/advisories/49012
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
http://drupal.org/drupal-7.14
http://drupal.org/node/1302404
http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5
http://www.securityfocus.com/bid/53359