CVE-2012-4483

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
acquiacommons
6.x-2.4:x
acquiacommons
6.x-2.5:x
acquiacommons
6.x-2.6:x
acquiacommons
6.x-2.7:x
acquiacommons
6.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1679820
http://drupal.org/node/1679908
http://drupalcode.org/project/commons.git/commitdiff/8ef688b
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1
http://drupal.org/node/1679820
http://drupal.org/node/1679908
http://drupalcode.org/project/commons.git/commitdiff/8ef688b
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1