Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1635


Vulnerability Score 6.4 6.4
CVE Id CVE-2012-1635
Last Modified 29 Aug 2012 12:00:00
Published 28 Aug 2012 01:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.

Vulnerable Systems


  • Rik De Boer Revisioning 7.x-1.0

  • Rik De Boer Revisioning 7.x-1.1

  • Rik De Boer Revisioning 7.x-1.2

  • Rik De Boer Revisioning 7.x-1.x



MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)


Last Updated: 27 May 2016 11:00:23