CVE-2012-2303

EUVD-2012-2296
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.1:x
florian_weberspaces
6.x-3.2:x
florian_weberspaces
6.x-3.3:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1547730
http://drupal.org/node/1547736
http://drupalcode.org/project/spaces.git/commitdiff/cee919c
http://secunia.com/advisories/48930
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81556
http://www.securityfocus.com/bid/53252
http://drupal.org/node/1547730
http://drupal.org/node/1547736
http://drupalcode.org/project/spaces.git/commitdiff/cee919c
http://secunia.com/advisories/48930
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81556
http://www.securityfocus.com/bid/53252