Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2012-1635
Last Modified 29 Aug 2012 12:00:00
Published 28 Aug 2012 01:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1635

Summary

The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

Vulnerable Systems

Application

  • Rik De Boer Revisioning 7.x-1.0

  • Rik De Boer Revisioning 7.x-1.1

  • Rik De Boer Revisioning 7.x-1.2

  • Rik De Boer Revisioning 7.x-1.x


References

MISC - https://drupal.org/node/1409268

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

CONFIRM - http://drupal.org/node/1407456


Last Updated: 27 May 2016 11:00:23