CVE-2012-2153

medium

Description

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

References

http://www.securityfocus.com/bid/53362

http://www.mandriva.com/security/advisories?name=MDVSA-2013:074

http://secunia.com/advisories/49012

http://drupalcode.org/project/drupal.git/commit/c6d2b8311b82fe78d18732f01a68ceca3dea50af

http://drupal.org/node/1558478

http://drupal.org/node/1557938

http://drupal.org/drupal-7.14

Details

Source: Mitre, NVD

Published: 2012-10-01

Updated: 2013-12-13

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium