CVE-2012-2722

The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
scott_reynennode_embed
6.x-1.0:x
scott_reynennode_embed
6.x-1.1:x
scott_reynennode_embed
6.x-1.2:x
scott_reynennode_embed
6.x-1.3:x
scott_reynennode_embed
6.x-1.4:x
scott_reynennode_embed
7.x-1.0:x
scott_reynennode_embed
7.x-1.0:x
scott_reynennode_embed
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1618428
http://drupal.org/node/1618430
http://drupal.org/node/1619824
http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c
http://drupalcode.org/project/node_embed.git/commitdiff/d06f022
http://secunia.com/advisories/48348
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82735
http://www.securityfocus.com/bid/53835
https://exchange.xforce.ibmcloud.com/vulnerabilities/76148
http://drupal.org/node/1618428
http://drupal.org/node/1618430
http://drupal.org/node/1619824
http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c
http://drupalcode.org/project/node_embed.git/commitdiff/d06f022
http://secunia.com/advisories/48348
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82735
http://www.securityfocus.com/bid/53835
https://exchange.xforce.ibmcloud.com/vulnerabilities/76148