Vulnerability Details : CVE-2012-5557
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.
Exploit prediction scoring system (EPSS) score for CVE-2012-5557
Probability of exploitation activity in the next 30 days: 0.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 %
CVSS scores for CVE-2012-5557
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
3.6 | LOW | AV:N/AC:H/Au:S/C:P/I:P/A:N | 3.9 | 4.9 | NIST |
CWE ids for CVE-2012-5557
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5557
- http://www.openwall.com/lists/oss-security/2012/11/20/4 (oss-security - Re: CVE Request for Drupal Contributed Modules)
- http://drupal.org/node/1840886 (Patch; Vendor Advisory)
- http://drupal.org/node/1840054 (Patch)
- http://drupal.org/node/1840038 (Patch)
Products affected by CVE-2012-5557
- cpe:2.3:a:user_read-only_project:user_readonly:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:7.x-1.x:dev:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:7.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:7.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:6.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:6.x-1.x:dev:*:*:*:*:*:*
- cpe:2.3:a:user_read-only_project:user_readonly:7.x-1.2:*:*:*:*:*:*:*