CVE-2012-4488 - OpenCVE

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Location Module Project	Location

Configuration 1 [-]

AND

OR	cpe:2.3:a:location_module_project:location:6.x-3.0:::::::*
	cpe:2.3:a:location_module_project:location:6.x-3.0:rc1::::::
	cpe:2.3:a:location_module_project:location:6.x-3.0:rc2::::::
	cpe:2.3:a:location_module_project:location:6.x-3.0:test3::::::
	cpe:2.3:a:location_module_project:location:6.x-3.1:::::::*
	cpe:2.3:a:location_module_project:location:6.x-3.1:rc1::::::
	cpe:2.3:a:location_module_project:location:6.x-3.x:dev::::::
	cpe:2.3:a:location_module_project:location:7.x-1.0:beta1::::::
	cpe:2.3:a:location_module_project:location:7.x-3.x:dev::::::
	cpe:2.3:a:location_module_project:location:7.x-4.x:dev::::::
	cpe:2.3:a:location_module_project:location:7.x-5.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1699962
http://drupal.org/node/1699984
http://drupal.org/node/1700588
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-31T16:00:00Z

Updated: 2024-09-16T17:43:26.263Z

Reserved: 2012-08-21T00:00:00Z

Link: CVE-2012-4488

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-10-31T16:55:03.047

Modified: 2012-11-02T04:00:00.000

Link: CVE-2012-4488

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-31T16:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1700588"}, {"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1699962"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1699984"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4488", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/1700588", "refsource": "MISC", "url": "http://drupal.org/node/1700588"}, {"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"name": "http://drupal.org/node/1699962", "refsource": "CONFIRM", "url": "http://drupal.org/node/1699962"}, {"name": "http://drupal.org/node/1699984", "refsource": "CONFIRM", "url": "http://drupal.org/node/1699984"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:09.939Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1700588"}, {"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1699962"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1699984"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4488", "datePublished": "2012-10-31T16:00:00Z", "dateReserved": "2012-08-21T00:00:00Z", "dateUpdated": "2024-09-16T17:43:26.263Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D1698DC-E5F7-4551-8733-22D0C6DBC7EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5BD4F5FF-AB94-4BB6-ADFD-95A04C243493", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C370E871-839F-4BC8-8DF1-6CCD828AC238", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:test3:*:*:*:*:*:*", "matchCriteriaId": "653AB041-6093-4908-9EBF-59AA96F77470", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FECCAEC1-037D-42FA-A531-3E7B414976D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFD761E9-EF45-4589-9F9E-755168470736", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "2F7B570F-A43D-43A7-848A-3730EB4680B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "46387A3E-D446-4BFA-A657-9730492759CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "88718278-C458-4607-A4E9-A4FE3F8DAC72", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-4.x:dev:*:*:*:*:*:*", "matchCriteriaId": "B7789237-66FE-4766-93B0-6EDFA221A840", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-5.x:dev:*:*:*:*:*:*", "matchCriteriaId": "39F1AB98-AD33-4D6A-8E95-E750D3EB65FC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page."}, {"lang": "es", "value": "El m\u00f3dulo Location v6.x antes de v6.x-3.2 y v7.x antes de v7.x-3.0-alfa1 para Drupal no comprueba correctamente los permisos de usuario o nodo de acceso, lo que permite a atacantes remotos leer nodos o usuario a trav\u00e9s de los resultados de la p\u00e1gina de b\u00fasqueda de ubicaci\u00f3n."}], "id": "CVE-2012-4488", "lastModified": "2012-11-02T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-31T16:55:03.047", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1699962"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1699984"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://drupal.org/node/1700588"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}