CVE-2012-2153
medium
CVSS v3
—
CVSS v2
4.0
VIR risk
4.0
Description
Drupal improper access restrictions
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://drupal.org/node/1557938
Vendor advisory: secalert@redhat.com — http://drupal.org/drupal-7.14
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | drupal/drupal | >=7.0,<7.14 | 7.14 |
References
- http://drupal.org/drupal-7.14
- http://drupal.org/node/1557938
- http://drupal.org/node/1558478
- http://drupalcode.org/project/drupal.git/commit/c6d2b8311b82fe78d18732f01a68ceca3dea50af
- http://secunia.com/advisories/49012
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://www.securityfocus.com/bid/53362
- https://nvd.nist.gov/vuln/detail/CVE-2012-2153
- https://web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074
- https://web.archive.org/web/20200229101926/http://www.securityfocus.com/bid/53362
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.