CVE-2012-2303 - OpenCVE

The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Florian Weber	Spaces

Configuration 1 [-]

AND

OR	cpe:2.3:a:florian_weber:spaces:6.x-3.0:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2::::::
	cpe:2.3:a:florian_weber:spaces:6.x-3.1:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.2:::::::*
	cpe:2.3:a:florian_weber:spaces:6.x-3.3:::::::*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1547730
http://drupal.org/node/1547736
http://drupalcode.org/project/spaces.git/commitdiff/cee919c
http://secunia.com/advisories/48930
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81556
http://www.securityfocus.com/bid/53252

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-18T18:00:00

Updated: 2024-08-06T19:26:09.067Z

Reserved: 2012-04-19T00:00:00

Link: CVE-2012-2303

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-07-18T18:55:03.103

Modified: 2012-08-09T04:00:00.000

Link: CVE-2012-2303

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-25T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1547736"}, {"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"}, {"name": "81556", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/81556"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/spaces.git/commitdiff/cee919c"}, {"name": "53252", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53252"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1547730"}, {"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"}, {"name": "48930", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48930"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2303", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/1547736", "refsource": "MISC", "url": "http://drupal.org/node/1547736"}, {"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"}, {"name": "81556", "refsource": "OSVDB", "url": "http://www.osvdb.org/81556"}, {"name": "http://drupalcode.org/project/spaces.git/commitdiff/cee919c", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/spaces.git/commitdiff/cee919c"}, {"name": "53252", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53252"}, {"name": "http://drupal.org/node/1547730", "refsource": "CONFIRM", "url": "http://drupal.org/node/1547730"}, {"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"}, {"name": "48930", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48930"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:09.067Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1547736"}, {"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"}, {"name": "81556", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/81556"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/spaces.git/commitdiff/cee919c"}, {"name": "53252", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53252"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1547730"}, {"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"}, {"name": "48930", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48930"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2303", "datePublished": "2012-07-18T18:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:26:09.067Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1CC67A4-5738-4B8F-BE5C-88CA25421429", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "5D25D0B7-B244-4B26-A12C-9EDD7819A2DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C47605FB-4CC3-4EB9-920B-26262B7A6A7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "459CB0BD-CAD0-4A0B-AD85-E95BF8A435F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "4BA90A0E-B5A0-4601-B0A3-0CE799E3F36F", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6C425F11-21B1-4711-9DFD-D01E0552A85E", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "E6950379-D3E8-4EA7-85C8-9B8AFC866179", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "1E54DCB9-B15B-47C9-A615-E21732129089", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "F7B82BE1-7EBC-4FFB-A458-E8873D34A48E", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r1:*:*:*:*:*:*", "matchCriteriaId": "4152DF10-495C-4C41-8E3F-911556AE7533", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.0:r2:*:*:*:*:*:*", "matchCriteriaId": "93285C66-DEE3-4DC7-A3EF-21DE03715C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "8F131660-BB9E-429D-9862-1302ACEB5E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8A86D65-402B-4D80-B774-294BC38572DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:florian_weber:spaces:6.x-3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C87A533E-C7E7-4A32-8A66-D568183006B4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module."}, {"lang": "es", "value": "El m\u00f3dulo Spaces v6.x-3.x antes de v6.x-3.4 para Drupal no cumple los permisos de p\u00e1ginas no-objeto, lo que permite a atacantes remotos obtener informaci\u00f3n sensible y posiblemente tener otros impactos a trav\u00e9s de vectores no especificados sobre (1) Spaces o (2) el m\u00f3dulo Spaces OG."}], "id": "CVE-2012-2303", "lastModified": "2012-08-09T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-07-18T18:55:03.103", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1547730"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1547736"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://drupalcode.org/project/spaces.git/commitdiff/cee919c"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48930"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/81556"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53252"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}