CVE-2012-5542 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal
Pedro Cambra	Commerce Extra Panes

Configuration 1 [-]

AND

OR	cpe:2.3:a:pedro_cambra:commerce_extra_panes:7.x-1.0:::::::*
	cpe:2.3:a:pedro_cambra:commerce_extra_panes:7.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1802192
http://drupal.org/node/1802258
http://osvdb.org/85892
http://secunia.com/advisories/50802
http://www.openwall.com/lists/oss-security/2012/11/20/4
http://www.securityfocus.com/bid/55776
https://exchange.xforce.ibmcloud.com/vulnerabilities/79025

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-03T21:00:00

Updated: 2024-08-06T21:05:47.359Z

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5542

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-12-03T21:55:02.173

Modified: 2017-08-29T01:32:42.480

Link: CVE-2012-5542

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to \"the link to reorder items.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1802192"}, {"name": "50802", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50802"}, {"name": "drupal-commerceextrapanes-unspecified-csrf(79025)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79025"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1802258"}, {"name": "55776", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55776"}, {"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"}, {"name": "85892", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/85892"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5542", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to \"the link to reorder items.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/1802192", "refsource": "CONFIRM", "url": "http://drupal.org/node/1802192"}, {"name": "50802", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50802"}, {"name": "drupal-commerceextrapanes-unspecified-csrf(79025)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79025"}, {"name": "http://drupal.org/node/1802258", "refsource": "MISC", "url": "http://drupal.org/node/1802258"}, {"name": "55776", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55776"}, {"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"}, {"name": "85892", "refsource": "OSVDB", "url": "http://osvdb.org/85892"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.359Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1802192"}, {"name": "50802", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50802"}, {"name": "drupal-commerceextrapanes-unspecified-csrf(79025)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79025"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1802258"}, {"name": "55776", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55776"}, {"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"}, {"name": "85892", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/85892"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5542", "datePublished": "2012-12-03T21:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pedro_cambra:commerce_extra_panes:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "665A61D1-058F-40F2-9A73-42021302A961", "vulnerable": true}, {"criteria": "cpe:2.3:a:pedro_cambra:commerce_extra_panes:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "7B855966-FE2B-47F6-85FE-7C08BA03DF48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to \"the link to reorder items.\""}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en el m\u00f3dulo Commerce Extra Panes v7.x-1.x antes de v7.x-1.1 para Drupal permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que activan o desactivan un panel Commerce extra panes a trav\u00e9s de vectores no especificados relacionados con \"el enlace a la reordenaci\u00f3n de elementos\""}], "id": "CVE-2012-5542", "lastModified": "2017-08-29T01:32:42.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-12-03T21:55:02.173", "references": [{"source": "secalert@redhat.com", "url": "http://drupal.org/node/1802192"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1802258"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/85892"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50802"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55776"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79025"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}