CVE-2012-4488 - OpenCVE

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Location Module Project	Location
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:location_module_project:location:6.x-3.0:::::::*
	cpe:2.3:a:location_module_project:location:6.x-3.0:rc1::::::
	cpe:2.3:a:location_module_project:location:6.x-3.0:rc2::::::
	cpe:2.3:a:location_module_project:location:6.x-3.0:test3::::::
	cpe:2.3:a:location_module_project:location:6.x-3.1:::::::*
	cpe:2.3:a:location_module_project:location:6.x-3.1:rc1::::::
	cpe:2.3:a:location_module_project:location:6.x-3.x:dev::::::
	cpe:2.3:a:location_module_project:location:7.x-1.0:beta1::::::
	cpe:2.3:a:location_module_project:location:7.x-3.x:dev::::::
	cpe:2.3:a:location_module_project:location:7.x-4.x:dev::::::
	cpe:2.3:a:location_module_project:location:7.x-5.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

References

Link	Resource
http://drupal.org/node/1699962	Patch
http://drupal.org/node/1699984	Patch
http://drupal.org/node/1700588	Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-10-03T16:15:35

Updated: 2022-10-03T16:15:35

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-4488

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-10-31T16:55:03.047

Modified: 2012-11-02T04:00:00.000

Link: CVE-2012-4488

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1700588"}, {"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1699962"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1699984"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4488", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/1700588", "refsource": "MISC", "url": "http://drupal.org/node/1700588"}, {"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}, {"name": "http://drupal.org/node/1699962", "refsource": "CONFIRM", "url": "http://drupal.org/node/1699962"}, {"name": "http://drupal.org/node/1699984", "refsource": "CONFIRM", "url": "http://drupal.org/node/1699984"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4488", "datePublished": "2022-10-03T16:15:35", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:35", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3D1698DC-E5F7-4551-8733-22D0C6DBC7EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5BD4F5FF-AB94-4BB6-ADFD-95A04C243493", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C370E871-839F-4BC8-8DF1-6CCD828AC238", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.0:test3:*:*:*:*:*:*", "matchCriteriaId": "653AB041-6093-4908-9EBF-59AA96F77470", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FECCAEC1-037D-42FA-A531-3E7B414976D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "BFD761E9-EF45-4589-9F9E-755168470736", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:6.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "2F7B570F-A43D-43A7-848A-3730EB4680B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "46387A3E-D446-4BFA-A657-9730492759CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-3.x:dev:*:*:*:*:*:*", "matchCriteriaId": "88718278-C458-4607-A4E9-A4FE3F8DAC72", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-4.x:dev:*:*:*:*:*:*", "matchCriteriaId": "B7789237-66FE-4766-93B0-6EDFA221A840", "vulnerable": true}, {"criteria": "cpe:2.3:a:location_module_project:location:7.x-5.x:dev:*:*:*:*:*:*", "matchCriteriaId": "39F1AB98-AD33-4D6A-8E95-E750D3EB65FC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page."}, {"lang": "es", "value": "El m\u00f3dulo Location v6.x antes de v6.x-3.2 y v7.x antes de v7.x-3.0-alfa1 para Drupal no comprueba correctamente los permisos de usuario o nodo de acceso, lo que permite a atacantes remotos leer nodos o usuario a trav\u00e9s de los resultados de la p\u00e1gina de b\u00fasqueda de ubicaci\u00f3n."}], "id": "CVE-2012-4488", "lastModified": "2012-11-02T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-31T16:55:03.047", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1699962"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://drupal.org/node/1699984"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://drupal.org/node/1700588"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}