CVE-2012-1635
N/A
N/A
Summary
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://drupal.org/node/1407456
- https://drupal.org/node/1409268
- http://www.openwall.com/lists/oss-security/2012/04/07/1
References
- http://drupal.org/node/1407456
- https://drupal.org/node/1409268
- http://www.openwall.com/lists/oss-security/2012/04/07/1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.