CVE-2012-5589

Published Dec 26, 2012

Last updated 3 months ago

CVSS info 3.5

Overview

Description: The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:6.x-2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FF857D7-46F4-43FB-8786-201C31C2D91B"
          },
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:6.x-2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A71AE2B4-776E-4B3D-92D4-CE6270897F26"
          },
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:6.x-2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FBD30DC-0A63-4E3E-8906-A379A0A265C1"
          },
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:6.x-2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A296E283-9561-4CAE-A831-FBD2070E4235"
          },
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:6.x-2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E10D4DC2-FB36-4037-9C03-1F8E4BD71D5B"
          },
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:6.x-2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6C0D54E-792F-450A-9D19-1B5C66996064"
          },
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:6.x-2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C50BF43C-418F-4DB1-ACF1-25E21ADD5CDE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netgenius:multilink:7.x-2.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C13FD4C-AEA6-4B0F-9B1A-B8585A379E28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References