CVE-2012-4470 - OpenCVE

The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Philip Ludlam	Listhandler

Configuration 1 [-]

AND

cpe:2.3:a:philip_ludlam:listhandler:6.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1679412
http://drupal.org/node/1819780
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54376

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-30T22:00:00

Updated: 2024-08-06T20:35:09.983Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4470

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-11-30T22:55:00.907

Modified: 2013-01-30T04:54:56.133

Link: CVE-2012-4470

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-01-29T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "54376", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/54376"}, {"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1819780"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1679412"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4470", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "54376", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54376"}, {"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"name": "http://drupal.org/node/1819780", "refsource": "CONFIRM", "url": "http://drupal.org/node/1819780"}, {"name": "http://drupal.org/node/1679412", "refsource": "MISC", "url": "http://drupal.org/node/1679412"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:09.983Z"}, "title": "CVE Program Container", "references": [{"name": "54376", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/54376"}, {"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1819780"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1679412"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4470", "datePublished": "2012-11-30T22:00:00", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:09.983Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philip_ludlam:listhandler:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CC3F5C9-B708-4B36-8213-294E81BE3180", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact."}, {"lang": "es", "value": "El m\u00f3dulo List Handler v6.x-1.x antes de v6.x-1.1 para Drupal no comprueba correctamente los permisos para importar mensajes de correo electr\u00f3nico, lo que permite eludir las restricciones de acceso y posiblemente tener otro impacto no especificado a los autores remotos de comentarios.\r\n"}], "id": "CVE-2012-4470", "lastModified": "2013-01-30T04:54:56.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-30T22:55:00.907", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1679412"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1819780"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54376"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}