CVE-2012-2341 - Vulnerability Details - OpenCVE

Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00348.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Rahul Singla	Take Control

Configuration 1 [-]

AND

OR	cpe:2.3:a:rahul_singla:take_control:6.x-1.x:::::::*
	cpe:2.3:a:rahul_singla:take_control:6.x-2.0:beta3::::::
	cpe:2.3:a:rahul_singla:take_control:6.x-2.x:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://drupal.org/node/1243604
http://drupal.org/node/1569512
http://secunia.com/advisories/49060
http://www.openwall.com/lists/oss-security/2012/05/10/6
http://www.openwall.com/lists/oss-security/2012/05/11/2
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.openwall.com/lists/oss-security/2012/06/15/6
http://www.securityfocus.com/bid/53452
https://exchange.xforce.ibmcloud.com/vulnerabilities/75504

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-05-18T22:00:00

Updated: 2024-08-06T19:34:23.961Z

Reserved: 2012-04-19T00:00:00

Link: CVE-2012-2341

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-05-18T22:55:06.170

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2341

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "49060", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49060"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1243604"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1569512"}, {"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"}, {"name": "53452", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53452"}, {"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"}, {"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"}, {"name": "takecontrol-ajaxcalls-csrf(75504)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75504"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2341", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "49060", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49060"}, {"name": "http://drupal.org/node/1243604", "refsource": "CONFIRM", "url": "http://drupal.org/node/1243604"}, {"name": "http://drupal.org/node/1569512", "refsource": "CONFIRM", "url": "http://drupal.org/node/1569512"}, {"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"}, {"name": "53452", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53452"}, {"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"}, {"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"}, {"name": "takecontrol-ajaxcalls-csrf(75504)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75504"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:34:23.961Z"}, "title": "CVE Program Container", "references": [{"name": "49060", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49060"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1243604"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1569512"}, {"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"name": "[oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"}, {"name": "53452", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53452"}, {"name": "[oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"}, {"name": "[oss-security] 20120615 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"}, {"name": "takecontrol-ajaxcalls-csrf(75504)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75504"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2341", "datePublished": "2012-05-18T22:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:23.961Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rahul_singla:take_control:6.x-1.x:*:*:*:*:*:*:*", "matchCriteriaId": "9609FA9B-1230-4DC6-8D9B-9EE2FCA4BFCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rahul_singla:take_control:6.x-2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A702EDF9-E895-427A-A356-4D0D938C0220", "vulnerable": true}, {"criteria": "cpe:2.3:a:rahul_singla:take_control:6.x-2.x:*:*:*:*:*:*:*", "matchCriteriaId": "49E09948-2BB7-4AC4-AE60-366465A8BDE5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en el m\u00f3dulo Take Control v6.x-2.x antes de v6.x-2.2 para Drupal, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios no especificados en peticiones AJAX que manipulan ficheros."}], "id": "CVE-2012-2341", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-05-18T22:55:06.170", "references": [{"source": "secalert@redhat.com", "url": "http://drupal.org/node/1243604"}, {"source": "secalert@redhat.com", "url": "http://drupal.org/node/1569512"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49060"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53452"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75504"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/1243604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/1569512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/11/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/15/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75504"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}