Vulnerability Description
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alexis Wilke | Protected Node | 6.x-1.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1258034Patch
- http://drupal.org/node/1632918PatchVendor Advisory
- http://secunia.com/advisories/49509Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82984
- http://www.securityfocus.com/bid/54001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76291
- http://drupal.org/node/1258034Patch
- http://drupal.org/node/1632918PatchVendor Advisory
- http://secunia.com/advisories/49509Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82984
- http://www.securityfocus.com/bid/54001
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76291
FAQ
What is CVE-2012-2730?
CVE-2012-2730 is a vulnerability with a CVSS score of 7.5 (HIGH). The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass i...
How severe is CVE-2012-2730?
CVE-2012-2730 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2730?
Check the references section above for vendor advisories and patch information. Affected products include: Alexis Wilke Protected Node, Drupal Drupal.