Vulnerability Description
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Florian Weber | Spaces | 6.x-3.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1547730Patch
- http://drupal.org/node/1547736Patch
- http://drupalcode.org/project/spaces.git/commitdiff/cee919cExploitPatch
- http://secunia.com/advisories/48930Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.osvdb.org/81556
- http://www.securityfocus.com/bid/53252
- http://drupal.org/node/1547730Patch
- http://drupal.org/node/1547736Patch
- http://drupalcode.org/project/spaces.git/commitdiff/cee919cExploitPatch
- http://secunia.com/advisories/48930Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.osvdb.org/81556
FAQ
What is CVE-2012-2303?
CVE-2012-2303 is a vulnerability with a CVSS score of 7.5 (HIGH). The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via ...
How severe is CVE-2012-2303?
CVE-2012-2303 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2303?
Check the references section above for vendor advisories and patch information. Affected products include: Florian Weber Spaces, Drupal Drupal.