CVE-2012-2722 - OpenCVE

The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Scott Reynen	Node Embed

Configuration 1 [-]

AND

OR	cpe:2.3:a:scott_reynen:node_embed:6.x-1.0:::::::*
	cpe:2.3:a:scott_reynen:node_embed:6.x-1.1:::::::*
	cpe:2.3:a:scott_reynen:node_embed:6.x-1.2:::::::*
	cpe:2.3:a:scott_reynen:node_embed:6.x-1.3:::::::*
	cpe:2.3:a:scott_reynen:node_embed:6.x-1.4:::::::*
	cpe:2.3:a:scott_reynen:node_embed:7.x-1.0:rc1::::::
	cpe:2.3:a:scott_reynen:node_embed:7.x-1.0:rc2::::::
	cpe:2.3:a:scott_reynen:node_embed:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1618428
http://drupal.org/node/1618430
http://drupal.org/node/1619824
http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c
http://drupalcode.org/project/node_embed.git/commitdiff/d06f022
http://secunia.com/advisories/48348
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82735
http://www.securityfocus.com/bid/53835
https://exchange.xforce.ibmcloud.com/vulnerabilities/76148

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-27T00:00:00

Updated: 2024-08-06T19:42:32.375Z

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2722

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-06-27T00:55:05.037

Modified: 2017-08-29T01:31:40.790

Link: CVE-2012-2722

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1618430"}, {"name": "82735", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/82735"}, {"name": "53835", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53835"}, {"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"name": "nodeembed-selectembed-security-bypass(76148)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76148"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1618428"}, {"name": "48348", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48348"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1619824"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022"}, {"name": "http://drupal.org/node/1618430", "refsource": "CONFIRM", "url": "http://drupal.org/node/1618430"}, {"name": "82735", "refsource": "OSVDB", "url": "http://www.osvdb.org/82735"}, {"name": "53835", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53835"}, {"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"name": "nodeembed-selectembed-security-bypass(76148)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76148"}, {"name": "http://drupal.org/node/1618428", "refsource": "CONFIRM", "url": "http://drupal.org/node/1618428"}, {"name": "48348", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48348"}, {"name": "http://drupal.org/node/1619824", "refsource": "MISC", "url": "http://drupal.org/node/1619824"}, {"name": "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:42:32.375Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1618430"}, {"name": "82735", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/82735"}, {"name": "53835", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53835"}, {"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"name": "nodeembed-selectembed-security-bypass(76148)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76148"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1618428"}, {"name": "48348", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48348"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1619824"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2722", "datePublished": "2012-06-27T00:00:00", "dateReserved": "2012-05-14T00:00:00", "dateUpdated": "2024-08-06T19:42:32.375Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scott_reynen:node_embed:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "91B5092C-E35A-4409-B505-30EB7452F629", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_reynen:node_embed:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1338A401-9C31-47DA-B25D-7A366AE884AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_reynen:node_embed:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD98D253-C732-46BC-A8EE-B85BE6C64B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_reynen:node_embed:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2DB7E6D-829F-48CD-BC83-1C0699E2AD99", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_reynen:node_embed:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5CD2C410-8FB9-4ED4-A20B-D0AE1CF515AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_reynen:node_embed:7.x-1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C6B4CB6E-0AF5-4796-BE58-6AD8D0A3DD9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_reynen:node_embed:7.x-1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6E6D7FFB-06E4-4BA1-9517-2B761E92BF33", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_reynen:node_embed:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "49421DA1-E8CD-4AD3-9AEF-F9F0335E0A55", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles."}, {"lang": "es", "value": "La interfaz de selecci\u00f3n de nodos en el editor WYSIWYG (CKEditor) en Node Embed module v6.x-1.x anterior a v6.x-1.5 y v7.x-1.x, anterior a v7.x-1.0 para Drupal no comprueba correctamente los permisos y permite a atacantes remotos eludir restricciones de acceso y destinados a leer los t\u00edtulos de los nodos."}], "id": "CVE-2012-2722", "lastModified": "2017-08-29T01:31:40.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-27T00:55:05.037", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1618428"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1618430"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1619824"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://drupalcode.org/project/node_embed.git/commitdiff/d06f022"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48348"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/82735"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53835"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76148"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}