Lucene search

[email protected]CVE-2012-2716

HistoryJun 21, 2012 - 3:55 p.m.

CVE-2012-2716

2012-06-2115:55:13

CWE-352

[email protected]

web.nvd.nist.gov

csrf

vulnerability

comment moderation module

drupal

authentication

admins

comment publishing

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments.

Affected configurations

NVD

Node

david_stosikcomment_moderationMatch6.x-1.0

david_stosikcomment_moderationMatch6.x-1.x-dev

AND

drupaldrupalMatch-

CPENameOperatorVersion
david_stosik:comment_moderationdavid stosik comment moderationeq6.x-1.0
david_stosik:comment_moderationdavid stosik comment moderationeq6.x-1.x-dev

CPE	Name	Operator	Version
david_stosik:comment_moderation	david stosik comment moderation	eq	6.x-1.0
david_stosik:comment_moderation	david stosik comment moderation	eq	6.x-1.x-dev

References

drupal.org/node/1538768

drupal.org/node/1608822

drupalcode.org/project/comment_moderation.git/commitdiff/f18c3de

osvdb.org/82434

secunia.com/advisories/49326

www.securityfocus.com/bid/53738

exchange.xforce.ibmcloud.com/vulnerabilities/75998

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.6%

JSON

Related for CVE-2012-2716

drupal1 cvelist1 prion1 nvd1