CVE-2012-2303

The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.0:x
florian_weberspaces
6.x-3.1:x
florian_weberspaces
6.x-3.2:x
florian_weberspaces
6.x-3.3:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1547730
http://drupal.org/node/1547736
http://drupalcode.org/project/spaces.git/commitdiff/cee919c
http://secunia.com/advisories/48930
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81556
http://www.securityfocus.com/bid/53252
http://drupal.org/node/1547730
http://drupal.org/node/1547736
http://drupalcode.org/project/spaces.git/commitdiff/cee919c
http://secunia.com/advisories/48930
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81556
http://www.securityfocus.com/bid/53252