Vulnerability Details: CVE-2012-2304
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
Products affected by CVE-2012-2304
- cpe:2.3:a:emil_stjerneman:linkit:7.x-2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:emil_stjerneman:linkit:7.x-2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:emil_stjerneman:linkit:7.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:emil_stjerneman:linkit:7.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:emil_stjerneman:linkit:7.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:emil_stjerneman:linkit:7.x-2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2304
- 0.70%: probability of exploitation activity in the next 30 days
- ~80%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2304
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2012-2304
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2304
- http://www.openwall.com/lists/oss-security/2012/05/03/2
  oss-security - Re: CVE Request for Drupal contributed modules
- http://drupal.org/node/1547738
  SA-CONTRIB-2012-067 - Linkit - Access bypass | Drupal.org (Vendor Advisory)
- http://www.securityfocus.com/bid/53253
  Drupal Linkit Module Access Security Bypass Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75183
  Linkit module for Drupal search module security bypass CVE-2012-2304 Vulnerability Report
- http://www.openwall.com/lists/oss-security/2012/05/03/1
  oss-security - CVE Request for Drupal contributed modules
- http://drupal.org/node/1547716
  (Patch)