{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-09-19T00:00:00", "descriptions": [{"lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"}, {"name": "55618", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55618"}, {"name": "RHSA-2012:1278", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"}, {"name": "cumin-redhat-sec-bypass(78770)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"}, {"name": "RHSA-2012:1281", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"}, {"name": "50660", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50660"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:42:31.903Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"}, {"name": "55618", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55618"}, {"name": "RHSA-2012:1278", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"}, {"name": "cumin-redhat-sec-bypass(78770)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"}, {"name": "RHSA-2012:1281", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"}, {"name": "50660", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50660"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2680", "datePublished": "2012-09-28T17:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:31.903Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B", "versionEndIncluding": "0.1.5192-4", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*", "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*", "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*", "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*", "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*", "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*", "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*", "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*", "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*", "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*", "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*", "matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*", "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*", "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*", "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*", "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*", "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*", "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45", "vulnerable": true}, {"criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*", "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\""}, {"lang": "es", "value": "Cumin, antes de v0.1.5444, tal y como lo utiliza Red Hat Enterprise Messaging, Realtime, y Grid (MRG) v2.0 no restringe adecuadamente el acceso a los recursos, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados relacionados con (1) las p\u00e1ginas web (2) ls funcionalidad de exportaci\u00f3n\", y (3) la \"visualizaci\u00f3n de im\u00e1genes\"."}], "id": "CVE-2012-2680", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-09-28T17:55:00.727", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50660"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55618"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55618"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).", "affected_release": [{"advisory": "RHSA-2012:1278", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-0:7.6.5-0.22.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1278", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-wallaby-0:4.1.3-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1278", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "condor-wallaby-base-db-0:1.23-1.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1278", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "cumin-0:0.1.5444-3.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1278", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "sesame-0:1.0-4.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1278", "cpe": "cpe:/a:redhat:enterprise_mrg:2::el5", "package": "wallaby-0:0.12.5-10.el5", "product_name": "MRG for RHEL-5 v. 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-0:7.6.5-0.22.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-wallaby-0:4.1.3-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "condor-wallaby-base-db-0:1.23-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "cumin-0:0.1.5444-3.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "deltacloud-core-0:0.5.0-10.el6_2", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "libdeltacloud-0:0.9-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-daemons-0:1.1.4-2.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-eventmachine-0:0.12.10-7.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-fssm-0:0.2.7-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-haml-0:3.1.2-2.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-hpricot-0:0.8.4-2.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-json-0:1.4.6-10.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-maruku-0:0.6.0-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-mime-types-0:1.16-4.el6_0", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-mocha-0:0.9.7-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-net-ssh-0:2.0.23-6.el6_0", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-nokogiri-0:1.5.0-0.8.beta4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-rack-1:1.3.0-2.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-rack-accept-0:0.4.3-6.el6_0", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-rack-test-0:0.6.1-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-rake-0:0.8.7-2.1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-rest-client-0:1.6.1-2.el6_0", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygems-0:1.8.16-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-sass-0:3.1.4-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-sinatra-1:1.2.6-2.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-syntax-0:1.0.0-4.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-thin-0:1.2.11-3.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-tilt-0:1.3.2-3.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "rubygem-yard-0:0.7.2-1.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "sesame-0:1.0-6.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}, {"advisory": "RHSA-2012:1281", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "wallaby-0:0.12.5-10.el6", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2012-09-19T00:00:00Z"}], "bugzilla": {"description": "cumin: authentication bypass flaws", "id": "829421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=829421"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\""], "name": "CVE-2012-2680", "package_state": [{"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Will not fix", "package_name": "cumin", "product_name": "Red Hat Enterprise MRG 1"}], "public_date": "2012-09-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-2680\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-2680"], "threat_severity": "Moderate"}

{}