5

CVE-2012-4483

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AcquiaCommons Version6.x-2.4
   DrupalDrupal Version-
AcquiaCommons Version6.x-2.5
   DrupalDrupal Version-
AcquiaCommons Version6.x-2.6
   DrupalDrupal Version-
AcquiaCommons Version6.x-2.7
   DrupalDrupal Version-
AcquiaCommons Version6.x-2.x Updatedev
   DrupalDrupal Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.37% 0.683
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/1679820
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1
http://drupal.org/node/1679908
Patch
http://drupalcode.org/project/commons.git/commitdiff/8ef688b
Patch