Vulnerability Details CVE-2012-2303
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://drupal.org/node/1547730
- http://drupal.org/node/1547736
- http://drupalcode.org/project/spaces.git/commitdiff/cee919c
- http://secunia.com/advisories/48930
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.osvdb.org/81556
- http://www.securityfocus.com/bid/53252
- http://drupal.org/node/1547730
- http://drupal.org/node/1547736
- http://drupalcode.org/project/spaces.git/commitdiff/cee919c
- http://secunia.com/advisories/48930
- http://www.openwall.com/lists/oss-security/2012/05/03/1
- http://www.openwall.com/lists/oss-security/2012/05/03/2
- http://www.osvdb.org/81556
- http://www.securityfocus.com/bid/53252
Products affected by CVE-2012-2303
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:florian_weber:spaces:6.x-3.0
-
cpe:2.3:a:florian_weber:spaces:6.x-3.1
-
cpe:2.3:a:florian_weber:spaces:6.x-3.2
-
cpe:2.3:a:florian_weber:spaces:6.x-3.3