CVE-2012-2077 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Rob Loach	Sharethis

Configuration 1 [-]

AND

OR	cpe:2.3:a:rob_loach:sharethis:7.x-2.0:::::::*
	cpe:2.3:a:rob_loach:sharethis:7.x-2.0:dev::::::
	cpe:2.3:a:rob_loach:sharethis:7.x-2.1:::::::*
	cpe:2.3:a:rob_loach:sharethis:7.x-2.2:::::::*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1504746
http://drupal.org/node/1506448
http://drupalcode.org/project/sharethis.git/commit/11f247a
http://secunia.com/advisories/48598
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/80681
http://www.securityfocus.com/bid/52778
https://exchange.xforce.ibmcloud.com/vulnerabilities/74518

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-14T23:00:00

Updated: 2024-08-06T19:17:27.814Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2077

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-14T23:55:01.660

Modified: 2017-08-29T01:31:29.210

Link: CVE-2012-2077

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors \"outside of the Form API.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"}, {"name": "48598", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48598"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "80681", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/80681"}, {"name": "52778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52778"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1506448"}, {"name": "drupal-sharethis-administrationforms-csrf(74518)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1504746"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2077", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors \"outside of the Form API.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupalcode.org/project/sharethis.git/commit/11f247a", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"}, {"name": "48598", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48598"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "80681", "refsource": "OSVDB", "url": "http://www.osvdb.org/80681"}, {"name": "52778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52778"}, {"name": "http://drupal.org/node/1506448", "refsource": "MISC", "url": "http://drupal.org/node/1506448"}, {"name": "drupal-sharethis-administrationforms-csrf(74518)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"}, {"name": "http://drupal.org/node/1504746", "refsource": "CONFIRM", "url": "http://drupal.org/node/1504746"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:17:27.814Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"}, {"name": "48598", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48598"}, {"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"name": "80681", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/80681"}, {"name": "52778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52778"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1506448"}, {"name": "drupal-sharethis-administrationforms-csrf(74518)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1504746"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2077", "datePublished": "2012-08-14T23:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:17:27.814Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rob_loach:sharethis:7.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FA8431B-78F1-43CA-9586-41108FD5FC75", "vulnerable": true}, {"criteria": "cpe:2.3:a:rob_loach:sharethis:7.x-2.0:dev:*:*:*:*:*:*", "matchCriteriaId": "8A696500-32FA-40A5-8055-63122D1F1B68", "vulnerable": true}, {"criteria": "cpe:2.3:a:rob_loach:sharethis:7.x-2.1:*:*:*:*:*:*:*", "matchCriteriaId": "968F8AF3-2A6C-48E2-93D3-A3A3FEDC2E20", "vulnerable": true}, {"criteria": "cpe:2.3:a:rob_loach:sharethis:7.x-2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E90BF4D9-64F0-4E12-A80B-C72D9AE59634", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors \"outside of the Form API.\""}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en el m\u00f3dulo de ShareThis v7.x-2.x antes v7.x-2.3 para Drupal permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios con permisos de administraci\u00f3n de \"ShareThis\" a trav\u00e9s de vectores desconocidos \"fuera de la API del formulario\".\r\n"}], "id": "CVE-2012-2077", "lastModified": "2017-08-29T01:31:29.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-08-14T23:55:01.660", "references": [{"source": "secalert@redhat.com", "url": "http://drupal.org/node/1504746"}, {"source": "secalert@redhat.com", "url": "http://drupal.org/node/1506448"}, {"source": "secalert@redhat.com", "url": "http://drupalcode.org/project/sharethis.git/commit/11f247a"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48598"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/80681"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/52778"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74518"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}