← Voltar para CVEs
CVE-2012-1635
N/ADescricao
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado8/28/2012
Ultima modificacao4/11/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
drupal:drupalrik_de_boer:revisioning
Fraquezas (CWE)
CWE-264
Referencias
http://drupal.org/node/1407456(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2012/04/07/1(secalert@redhat.com)
https://drupal.org/node/1409268(secalert@redhat.com)
http://drupal.org/node/1407456(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2012/04/07/1(af854a3a-2127-422b-91ae-364da2661108)
https://drupal.org/node/1409268(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.