Vulnerability Description
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Earl Dunovant | Monthly Archive By Node Type | 6.x-1.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1708198Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://www.securityfocus.com/bid/54768
- http://drupal.org/node/1708198Vendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://www.securityfocus.com/bid/54768
FAQ
What is CVE-2012-4491?
CVE-2012-4491 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vect...
How severe is CVE-2012-4491?
CVE-2012-4491 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4491?
Check the references section above for vendor advisories and patch information. Affected products include: Earl Dunovant Monthly Archive By Node Type, Drupal Drupal.