Description

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

Remediation

References

CVE-2012-2153

Related Vulnerabilities

WordPress Plugin API Bearer Auth Cross-Site Scripting (20181229)

WordPress Plugin BizLibrary Cross-Site Scripting (1.1)

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3572)

Jenkins Origin Validation Error Vulnerability (CVE-2024-23898)

WordPress Plugin Docket Cache-Object Cache Accelerator Cross-Site Scripting (21.08.01)

Severity

Medium

Classification

CVE-2012-2153 CWE-264

Tags

Missing Update Known Vulnerabilities