CVE-2012-5557

Sažetak

The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.

Reference

http://drupal.org/node/1840038
http://drupal.org/node/1840054
http://drupal.org/node/1840886
http://www.openwall.com/lists/oss-security/2012/11/20/4

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

04-12-2012 - 05:00

Objavljeno

03-12-2012 - 21:55