CVE-2012-2722

EUVD-2012-2702
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
scott_reynennode_embed
6.x-1.0:x
scott_reynennode_embed
6.x-1.1:x
scott_reynennode_embed
6.x-1.2:x
scott_reynennode_embed
6.x-1.3:x
scott_reynennode_embed
6.x-1.4:x
scott_reynennode_embed
7.x-1.0:x
scott_reynennode_embed
7.x-1.0:x
scott_reynennode_embed
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1618428
http://drupal.org/node/1618430
http://drupal.org/node/1619824
http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c
http://drupalcode.org/project/node_embed.git/commitdiff/d06f022
http://secunia.com/advisories/48348
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82735
http://www.securityfocus.com/bid/53835
https://exchange.xforce.ibmcloud.com/vulnerabilities/76148
http://drupal.org/node/1618428
http://drupal.org/node/1618430
http://drupal.org/node/1619824
http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c
http://drupalcode.org/project/node_embed.git/commitdiff/d06f022
http://secunia.com/advisories/48348
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82735
http://www.securityfocus.com/bid/53835
https://exchange.xforce.ibmcloud.com/vulnerabilities/76148