- Description
- The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:commons:6.x-2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A64BD45-4DBB-4D3C-9F1C-649DB6A6C031"
},
{
"criteria": "cpe:2.3:a:acquia:commons:6.x-2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58171E2C-F159-4907-B479-80409D678A16"
},
{
"criteria": "cpe:2.3:a:acquia:commons:6.x-2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "025C4407-B45A-4B7E-B657-2A5FBC1BEF25"
},
{
"criteria": "cpe:2.3:a:acquia:commons:6.x-2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D610949E-C99E-4120-8C0B-EF2CE995C17D"
},
{
"criteria": "cpe:2.3:a:acquia:commons:6.x-2.x:dev:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "490E4098-1A97-47EB-AA6E-E40734812D8B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]