GHSA-vpm6-h53m-x2xf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vpm6-h53m-x2xf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vpm6-h53m-x2xf/GHSA-vpm6-h53m-x2xf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vpm6-h53m-x2xf
- Aliases
-
- CVE-2012-2153
- Published
- 2022-05-17T04:56:41Z
- Modified
- 2023-11-08T03:57:05.005987Z
- Summary
- Drupal improper access restrictions
- Details
-
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
- Database specific
{ "nvd_published_at": "2012-10-01T00:55:00Z", "cwe_ids": [ "CWE-284" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-29T21:31:20Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-2153
- https://web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074
- https://web.archive.org/web/20200229101926/http://www.securityfocus.com/bid/53362
- http://drupal.org/drupal-7.14
- http://drupal.org/node/1557938
- http://drupal.org/node/1558478
- http://drupalcode.org/project/drupal.git/commit/c6d2b8311b82fe78d18732f01a68ceca3dea50af
Affected packages
Packagist / drupal/drupal
Package
- Name
- drupal/drupal
- Purl
- pkg:composer/drupal/drupal