fkie_nvd - fkie_cve-2012-1590

fkie_cve-2012-1590

Vulnerability from fkie_nvd

Published

2012-10-01 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

References

URL	Tags
secalert@redhat.com	http://drupal.org/drupal-7.14	Vendor Advisory
secalert@redhat.com	http://drupal.org/node/1302404	Patch
secalert@redhat.com	http://drupal.org/node/1557938	Vendor Advisory
secalert@redhat.com	http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5	Exploit
secalert@redhat.com	http://secunia.com/advisories/49012
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
secalert@redhat.com	http://www.securityfocus.com/bid/53359
af854a3a-2127-422b-91ae-364da2661108	http://drupal.org/drupal-7.14	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://drupal.org/node/1302404	Patch
af854a3a-2127-422b-91ae-364da2661108	http://drupal.org/node/1557938	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49012
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53359

Impacted products

Vendor	Product	Version
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.0
drupal	drupal	7.1
drupal	drupal	7.2
drupal	drupal	7.3
drupal	drupal	7.4
drupal	drupal	7.5
drupal	drupal	7.6
drupal	drupal	7.7
drupal	drupal	7.8
drupal	drupal	7.9
drupal	drupal	7.10
drupal	drupal	7.11
drupal	drupal	7.12
drupal	drupal	7.13
drupal	drupal	7.x-dev

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C33CAB-4633-418C-B162-20A2EC24E8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "CC3B1750-17AD-4386-B6EE-1AFC9CDFB6C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "9E0C1873-22A6-4CE9-853D-2A40BD3D9E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "9F6DF608-0DA2-455F-AD28-7BE4A7548E48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "7BCC306D-EB5D-4784-B0B1-B4F9370796F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "5639A5F3-CD18-451C-BA5A-3336C42BED83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A10CA-F59E-48AC-97E9-8476F63BAEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "07B7917C-5934-4AFF-B3DB-BE9B099B27FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "16731B53-3CD1-4B98-947B-7621162D8DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "BD738402-A50E-4AEB-8F42-607F52DE5540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "199AC10C-6E65-409B-8658-E26240B27E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "2B378BEF-B070-4955-A6B3-8F2ACBA96832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "19EC9A36-5EDC-4519-802E-BEA69B18800A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8C281EA7-8AE1-4D5A-B03B-B3BE37740195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "024CF5B1-1875-4785-ACAF-35ECCC7914A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "5F446903-51AC-4FA3-BA90-C2EA59BBDB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE86CC5-956E-4F16-BE7B-2B1CAAEB5C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0AC1B21-D3BE-4B6A-AE40-8B395E81DD50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5E8A73-1C02-4900-BC30-83084DC8371C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A92A41E3-BF0F-49BD-9F0F-5FDC11BF2499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "937C3149-3F34-40D8-964D-FB65EBDF0BC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CD183A-3777-44F9-8CA6-8E802058D099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C0CC63-558B-4750-8293-926BE9EAD42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA66BCA5-3934-449E-BAD3-D0DFBF4A04BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5030281C-CD4F-4106-A100-332A4C3C2AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D408134A-29E8-4D6A-9352-DB7F9CF55FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B08C41E-2357-44D5-A3A7-75389B343B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F40588-308A-4BA7-AE62-5DCC7D7528EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41BD65A-F39B-42C5-8776-CE09345A531D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F860666-578F-4B48-ABCA-1B5F2697DEAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page."
    },
    {
      "lang": "es",
      "value": "La lista del foro en Drupal v7.x anterior a v7.14 no comprueba correctamente los permisos de usuario para los mensajes publicados en el foro, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n confidencial, como el t\u00edtulo de la entrada a trav\u00e9s de la p\u00e1gina de resumen del foro."
    }
  ],
  "id": "CVE-2012-1590",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-01T00:55:00.993",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/drupal-7.14"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1302404"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1557938"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/49012"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/drupal-7.14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1302404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1557938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53359"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-1590 (GCVE-0-2012-1590)

Vulnerability from cvelistv5

Published

2012-10-01 00:00