QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2153

Published: Oct 1, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://drupal.org/drupal-7.14

x_refsource_CONFIRM

http://drupalcode.org/project/drupal.git/commit/c6d2b8311b82fe78d18732f01a68ceca3dea50af

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

http://drupal.org/node/1557938

x_refsource_CONFIRM

http://drupal.org/node/1558478

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.