CVE-2012-2304

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
emil_stjernemanlinkit
7.x-2.0:x
emil_stjernemanlinkit
7.x-2.0:x
emil_stjernemanlinkit
7.x-2.0:x
emil_stjernemanlinkit
7.x-2.1:x
emil_stjernemanlinkit
7.x-2.2:x
emil_stjernemanlinkit
7.x-2.3:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1547716
http://drupal.org/node/1547738
http://secunia.com/advisories/48900
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81557
http://www.securityfocus.com/bid/53253
https://exchange.xforce.ibmcloud.com/vulnerabilities/75183
http://drupal.org/node/1547716
http://drupal.org/node/1547738
http://secunia.com/advisories/48900
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81557
http://www.securityfocus.com/bid/53253
https://exchange.xforce.ibmcloud.com/vulnerabilities/75183