CVE-2012-1590

Sažetak

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Reference

http://drupal.org/drupal-7.14
http://drupal.org/node/1302404
http://drupal.org/node/1557938
http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5
http://secunia.com/advisories/49012
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
http://www.securityfocus.com/bid/53359

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-12-2013 - 04:58

Objavljeno

01-10-2012 - 00:55