5

CVE-2012-2720

The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.

Data is provided by the National Vulnerability Database (NVD)
Adam RossTokenauth Version6.x-1.0
   DrupalDrupal Version-
Adam RossTokenauth Version6.x-1.1
   DrupalDrupal Version-
Adam RossTokenauth Version6.x-1.3
   DrupalDrupal Version-
Adam RossTokenauth Version6.x-1.4
   DrupalDrupal Version-
Adam RossTokenauth Version6.x-1.5
   DrupalDrupal Version-
Adam RossTokenauth Version6.x-1.6
   DrupalDrupal Version-
Adam RossTokenauth Version6.x-1.x Updatedev
   DrupalDrupal Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.57% 0.66
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
http://drupal.org/node/1619808
Patch
Vendor Advisory