CVE-2012-2153
Drupal 7.0-7.13 - Authenticated Unauthorized Node Access via Content Overview Page
Title source: llmDescription
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53362
Patch x_refsource_confirm
http://drupal.org/drupal-7.14
Patch x_refsource_confirm
http://drupalcode.org/project/drupal.git/commit/c6d2b8311b82fe78d18732f01a68ceca3dea50af
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49012
Vendor Advisory x_refsource_confirm
http://drupal.org/node/1557938
Various Sources x_refsource_confirm
http://drupal.org/node/1558478
Scores
EPSS
0.0043
EPSS Percentile
62.8%
Details
CWE
CWE-264
Status
published
Products (16)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.3
drupal/drupal
7.4
drupal/drupal
7.5
drupal/drupal
7.6
drupal/drupal
7.7
drupal/drupal
7.8
drupal/drupal
7.9
... and 6 more
Published
Oct 01, 2012
Tracked Since
Feb 18, 2026