CVE-2012-4488

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
location_module_projectlocation
6.x-3.0:x
location_module_projectlocation
6.x-3.0:x
location_module_projectlocation
6.x-3.0:x
location_module_projectlocation
6.x-3.0:x
location_module_projectlocation
6.x-3.1:x
location_module_projectlocation
6.x-3.1:x
location_module_projectlocation
6.x-3.x:x
location_module_projectlocation
7.x-1.0:x
location_module_projectlocation
7.x-3.x:x
location_module_projectlocation
7.x-4.x:x
location_module_projectlocation
7.x-5.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1699962
http://drupal.org/node/1699984
http://drupal.org/node/1700588
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1
http://drupal.org/node/1699962
http://drupal.org/node/1699984
http://drupal.org/node/1700588
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1