CVE Vulnerabilities

CVE-2012-1590

Published: Oct 01, 2012 | Modified: Dec 13, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Affected Software

Name Vendor Start Version End Version
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.0 7.0
Drupal Drupal 7.1 7.1
Drupal Drupal 7.2 7.2
Drupal Drupal 7.3 7.3
Drupal Drupal 7.4 7.4
Drupal Drupal 7.5 7.5
Drupal Drupal 7.6 7.6
Drupal Drupal 7.7 7.7
Drupal Drupal 7.8 7.8
Drupal Drupal 7.9 7.9
Drupal Drupal 7.10 7.10
Drupal Drupal 7.11 7.11
Drupal Drupal 7.12 7.12
Drupal Drupal 7.13 7.13
Drupal Drupal 7.x-dev 7.x-dev
Drupal5 Ubuntu hardy *
Drupal6 Ubuntu lucid *
Drupal6 Ubuntu natty *
Drupal6 Ubuntu oneiric *
Drupal6 Ubuntu precise *
Drupal6 Ubuntu quantal *
Drupal6 Ubuntu raring *
Drupal7 Ubuntu precise *
Drupal7 Ubuntu upstream *

References