Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1590

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-1590
Last Modified 12 Dec 2013 11:58:15
Published 30 Sep 2012 08:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-1590

Summary

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Vulnerable Systems

Application

  • Drupal 7.0

  • Drupal 7.1

  • Drupal 7.10

  • Drupal 7.11

  • Drupal 7.12

  • Drupal 7.13

  • Drupal 7.2

  • Drupal 7.3

  • Drupal 7.4

  • Drupal 7.5

  • Drupal 7.6

  • Drupal 7.7

  • Drupal 7.8

  • Drupal 7.9

  • Drupal 7.x-dev


References

CONFIRM - http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5

CONFIRM - http://drupal.org/node/1557938

CONFIRM - http://drupal.org/node/1302404

CONFIRM - http://drupal.org/drupal-7.14

BID - 53359

SECUNIA - 49012

MANDRIVA - MDVSA-2013:074


Last Updated: 27 May 2016 11:00:49