CVE-2012-4498

The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://drupal.org/node/1762152	Patch
http://drupal.org/node/1762160	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:morbus_iff:activism:6.x-2.0:::::::*
	cpe:2.3:a:morbus_iff:activism:6.x-2.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-11-02 15:55

Updated : 2024-02-28 12:00

NVD link : CVE-2012-4498

Mitre link : CVE-2012-4498

CVE.ORG link : CVE-2012-4498

JSON object : View

Products Affected

drupal

drupal

morbus_iff

activism

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-4498", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-02T15:55:01.450", "references": [{"url": "http://drupal.org/node/1762152", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://drupal.org/node/1762160", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the \"Campaign\" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact."}, {"lang": "es", "value": "El m\u00f3dulo Activism v6.x-2.x antes de v6.x-2.1 para Drupal no restringe adecuadamente el acceso al tipo de contenido \"Campa\u00f1a\", lo que podr\u00eda permitir a atacantes remotos evitar las restricciones de acceso y posiblemente tener un impacto no especificado."}], "lastModified": "2012-11-06T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:morbus_iff:activism:6.x-2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01CD24FD-153E-4D5A-A08A-D0D3E41C7117"}, {"criteria": "cpe:2.3:a:morbus_iff:activism:6.x-2.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD6BC7BA-F326-4098-A896-37018D1F777B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}