Lucene search

RedhatCVE-2012-4500

HistoryOct 31, 2012 - 4:55 p.m.

CVE-2012-4500

2012-10-3116:55:03

CWE-264

redhat

web.nvd.nist.gov

cve-2012-4500

announcements module

drupal

remote authenticated users

node access restrictions

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

52.1%

JSON

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the “access announcements” permission to bypass node access restrictions and possibly have other unspecified impact.

Affected configurations

Nvd

Node

nancy_wichmannannouncementsMatch6.x-1.0

nancy_wichmannannouncementsMatch6.x-1.0beta

nancy_wichmannannouncementsMatch6.x-1.1

nancy_wichmannannouncementsMatch6.x-1.2

nancy_wichmannannouncementsMatch6.x-1.3

nancy_wichmannannouncementsMatch6.x-1.4

nancy_wichmannannouncementsMatch6.x-1.xdev

AND

drupaldrupalMatch-

VendorProductVersionCPE
nancy_wichmannannouncements6.x-1.0cpe:2.3:a:nancy_wichmann:announcements:6.x-1.0:*:*:*:*:*:*:*
nancy_wichmannannouncements6.x-1.0cpe:2.3:a:nancy_wichmann:announcements:6.x-1.0:beta:*:*:*:*:*:*
nancy_wichmannannouncements6.x-1.1cpe:2.3:a:nancy_wichmann:announcements:6.x-1.1:*:*:*:*:*:*:*
nancy_wichmannannouncements6.x-1.2cpe:2.3:a:nancy_wichmann:announcements:6.x-1.2:*:*:*:*:*:*:*
nancy_wichmannannouncements6.x-1.3cpe:2.3:a:nancy_wichmann:announcements:6.x-1.3:*:*:*:*:*:*:*
nancy_wichmannannouncements6.x-1.4cpe:2.3:a:nancy_wichmann:announcements:6.x-1.4:*:*:*:*:*:*:*
nancy_wichmannannouncements6.x-1.xcpe:2.3:a:nancy_wichmann:announcements:6.x-1.x:dev:*:*:*:*:*:*
drupaldrupal-cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nancy_wichmann	announcements	6.x-1.0	cpe:2.3:a:nancy_wichmann:announcements:6.x-1.0:::::::*
nancy_wichmann	announcements	6.x-1.0	cpe:2.3:a:nancy_wichmann:announcements:6.x-1.0:beta::::::
nancy_wichmann	announcements	6.x-1.1	cpe:2.3:a:nancy_wichmann:announcements:6.x-1.1:::::::*
nancy_wichmann	announcements	6.x-1.2	cpe:2.3:a:nancy_wichmann:announcements:6.x-1.2:::::::*
nancy_wichmann	announcements	6.x-1.3	cpe:2.3:a:nancy_wichmann:announcements:6.x-1.3:::::::*
nancy_wichmann	announcements	6.x-1.4	cpe:2.3:a:nancy_wichmann:announcements:6.x-1.4:::::::*
nancy_wichmann	announcements	6.x-1.x	cpe:2.3:a:nancy_wichmann:announcements:6.x-1.x:dev::::::
drupal	drupal	-	cpe:2.3:a:drupal:drupal:-:::::::*

References

drupal.org/node/1761038

drupal.org/node/1762480

www.openwall.com/lists/oss-security/2012/10/04/6

www.openwall.com/lists/oss-security/2012/10/07/1

www.securityfocus.com/bid/55283

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.002

Percentile

52.1%

JSON

Related for CVE-2012-4500