Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4483

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4483
Last Modified 13 Nov 2012 12:00:00
Published 31 Oct 2012 12:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4483

Summary

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.

Vulnerable Systems

Application

  • Acquia Commons 6.x-2.4

  • Acquia Commons 6.x-2.5

  • Acquia Commons 6.x-2.6

  • Acquia Commons 6.x-2.7

  • Acquia Commons 6.x-2.x


References

MLIST - [oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules

MLIST - [oss-security] 20121004 CVE Request for Drupal Contributed Modules

CONFIRM - http://drupalcode.org/project/commons.git/commitdiff/8ef688b

CONFIRM - http://drupal.org/node/1679908

MISC - http://drupal.org/node/1679820


Last Updated: 27 May 2016 10:47:18