CVE-2012-1649 - OpenCVE

Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Danielb	Cool Aid
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:danielb:cool_aid::::::::
	cpe:2.3:a:danielb:cool_aid:6.x-1.0:::::::*
	cpe:2.3:a:danielb:cool_aid:6.x-1.1:::::::*
	cpe:2.3:a:danielb:cool_aid:6.x-1.2:::::::*
	cpe:2.3:a:danielb:cool_aid:6.x-1.3:::::::*
	cpe:2.3:a:danielb:cool_aid:6.x-1.4:::::::*
	cpe:2.3:a:danielb:cool_aid:6.x-1.6:::::::*
	cpe:2.3:a:danielb:cool_aid:6.x-1.7:::::::*
	cpe:2.3:a:danielb:cool_aid:6.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1417186
http://drupal.org/node/1461438
http://secunia.com/advisories/48196
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79772
http://www.securityfocus.com/bid/52232
https://exchange.xforce.ibmcloud.com/vulnerabilities/73608

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-09T21:00:00

Updated: 2024-08-06T19:01:02.866Z

Reserved: 2012-03-12T00:00:00

Link: CVE-2012-1649

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-09-09T21:55:06.370

Modified: 2017-08-29T01:31:20.757

Link: CVE-2012-1649

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-26T00:00:00", "descriptions": [{"lang": "en", "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "48196", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48196"}, {"name": "coolaid-helpmessages-security-bypass(73608)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"}, {"name": "52232", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52232"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1461438"}, {"name": "79772", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/79772"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1417186"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1649", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "48196", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48196"}, {"name": "coolaid-helpmessages-security-bypass(73608)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"}, {"name": "52232", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52232"}, {"name": "http://drupal.org/node/1461438", "refsource": "MISC", "url": "http://drupal.org/node/1461438"}, {"name": "79772", "refsource": "OSVDB", "url": "http://www.osvdb.org/79772"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "http://drupal.org/node/1417186", "refsource": "CONFIRM", "url": "http://drupal.org/node/1417186"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.866Z"}, "title": "CVE Program Container", "references": [{"name": "48196", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48196"}, {"name": "coolaid-helpmessages-security-bypass(73608)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"}, {"name": "52232", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52232"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1461438"}, {"name": "79772", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/79772"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1417186"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1649", "datePublished": "2012-09-09T21:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.866Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:danielb:cool_aid:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB560574-9327-406C-8DE1-AE20CFB6FF94", "versionEndIncluding": "6.x-1.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9F07426C-4CA6-4CC7-ACA6-34104B08A114", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB6A592D-E0AE-4350-B48E-3D136E7A00C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AB6584B5-1661-44F1-A681-8CA77A08F803", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "86B0DD4B-7D24-43C1-8254-F55C2E556A6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "30AE8F03-84AC-4D18-8E6F-66D07068ECB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7701353A-C6BF-4FD0-A125-78B6D63A12C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "47B9CC5E-E085-440F-9BF5-F909423D1E02", "vulnerable": true}, {"criteria": "cpe:2.3:a:danielb:cool_aid:6.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "FC7CFE3C-DB1E-404F-AD89-9156C796A22E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors."}, {"lang": "es", "value": "El m\u00f3dulo Coll Aid antes de v6.x-1.9 para Drupal no impone restricciones de acceso, lo que permite a usuarios remotos autenticados con el permiso de administrar coolaid, modificar las p\u00e1ginas de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-1649", "lastModified": "2017-08-29T01:31:20.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-09-09T21:55:06.370", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1417186"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://drupal.org/node/1461438"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48196"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/79772"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52232"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73608"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}