PRIOn knowledge basePRION:CVE-2012-2303

HistoryJul 18, 2012 - 6:55 p.m.

Information disclosure

2012-07-1818:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.1%

JSON

The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.

CPENameOperatorVersion
spaceseq6.120.30
spaceseq6.x-3.0 beta3
spaceseq6.x-3.0 beta4
spaceseq6.x-3.0 beta2
spaceseq6.x-3.0 alpha2
spaceseq6.x-3.0 beta1
spaceseq6.x-3.0 beta6
spaceseq6.x-3.0 r2
spaceseq6.x-3.0 alpha1
spaceseq6.x-3.0 r1

Name	Operator	Version
spaces	eq	6.120.30
spaces	eq	6.x-3.0 beta3
spaces	eq	6.x-3.0 beta4
spaces	eq	6.x-3.0 beta2
spaces	eq	6.x-3.0 alpha2
spaces	eq	6.x-3.0 beta1
spaces	eq	6.x-3.0 beta6
spaces	eq	6.x-3.0 r2
spaces	eq	6.x-3.0 alpha1
spaces	eq	6.x-3.0 r1

Rows per page:

1-10 of 141

References

drupalcode.org/project/spaces.git/commitdiff/cee919c

secunia.com/advisories/48930

www.openwall.com/lists/oss-security/2012/05/03/1

www.openwall.com/lists/oss-security/2012/05/03/2

www.osvdb.org/81556

www.securityfocus.com/bid/53252

drupal.org/node/1547730

drupal.org/node/1547736