Vulnerability Details : CVE-2012-2730
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
Products affected by CVE-2012-2730
- cpe:2.3:a:alexis_wilke:protected_node:6.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:alexis_wilke:protected_node:6.x-1.x:dev:*:*:*:*:*:*
- cpe:2.3:a:alexis_wilke:protected_node:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:alexis_wilke:protected_node:6.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:alexis_wilke:protected_node:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:alexis_wilke:protected_node:6.x-1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2730
1.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2730
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2012-2730
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2730
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/76291
Protected Node module for Drupal security bypass CVE-2012-2730 Vulnerability Report
-
http://www.openwall.com/lists/oss-security/2012/06/14/3
oss-security - Re: CVE Request for Drupal contributed modules
-
http://drupal.org/node/1632918
Access to this page has been denied.Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/54001
Drupal Protected Node Module Access Bypass Vulnerability
-
http://drupal.org/node/1258034
Access to this page has been denied.Patch
Jump to