Lucene search

[email protected]CVE-2012-2707

HistoryJun 27, 2012 - 12:55 a.m.

CVE-2012-2707

2012-06-2700:55:04

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-2707

hostmaster module

aegir module

drupal

access restrictions

bypass

remote attackers

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.

Affected configurations

NVD

Node

antoine_beauprehostmasterMatch6.x-1.2

antoine_beauprehostmasterMatch6.x-1.3

antoine_beauprehostmasterMatch6.x-1.4

antoine_beauprehostmasterMatch6.x-1.5

antoine_beauprehostmasterMatch6.x-1.6

antoine_beauprehostmasterMatch6.x-1.7

antoine_beauprehostmasterMatch6.x-1.8

antoine_beauprehostmasterMatch6.x-1.xdev

AND

drupaldrupalMatch-

CPENameOperatorVersion
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.2
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.3
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.4
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.5
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.6
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.7
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.8
antoine_beaupre:hostmasterantoine beaupre hostmastereq6.x-1.x

CPE	Name	Operator	Version
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.2
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.3
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.4
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.5
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.6
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.7
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.8
antoine_beaupre:hostmaster	antoine beaupre hostmaster	eq	6.x-1.x

References

community.aegirproject.org/1.9

drupal.org/node/1585658

drupal.org/node/1585678

drupalcode.org/project/hostmaster.git/commitdiff/8a61101

www.openwall.com/lists/oss-security/2012/06/14/3

www.securityfocus.com/bid/53588

exchange.xforce.ibmcloud.com/vulnerabilities/75715

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for CVE-2012-2707

cvelist1 prion1 nvd1 drupal1