PT-2012-3400 · Drupal · Drupal

Kurt Seifried · Published 2012-08-28 · Updated 2012-08-29 · CVE-2012-1635

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Drupal Revisioning module versions 7.x-1.x before 7.x-1.3

Description

The issue allows remote attackers to bypass intended access restrictions. This is demonstrated by using the XML sitemap module to obtain sensitive information about unpublished content. The cause is that the module's hook_node_access function checks the permissions of the current user even when it is called to check the permissions of other users.

Recommendations

For Drupal Revisioning module versions 7.x-1.x before 7.x-1.3, update to version 7.x-1.3 or later to resolve the issue.
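
The class of access-check flaw described above, shown as an added example that is not the Revisioning module's code. The hook names, the permission string and the sample accounts are hypothetical, and the constants and user_access() are minimal stand-ins for the Drupal 7 API so the file runs on its own.

```php
<?php
// Added illustration only; not code from the Revisioning module.
// Stand-ins for Drupal 7's node access constants.
const NODE_ACCESS_ALLOW = 'allow';
const NODE_ACCESS_DENY = 'deny';
const NODE_ACCESS_IGNORE = NULL;

$user = NULL; // Stand-in for Drupal's global $user: the account making the request.

// Stand-in for user_access($string, $account = NULL): with no $account it
// falls back to the global (current) user, which is the root of the flaw.
function user_access($permission, $account = NULL) {
  global $user;
  $account = isset($account) ? $account : $user;
  return in_array($permission, $account->permissions, TRUE);
}

// Flawed pattern (hypothetical hook): $account is ignored, so the result
// reflects the logged-in user instead of the user being asked about.
function example_node_access_flawed($node, $op, $account) {
  if ($op == 'view' && !$node->status) {
    return user_access('view unpublished example content')
      ? NODE_ACCESS_ALLOW : NODE_ACCESS_DENY;
  }
  return NODE_ACCESS_IGNORE;
}

// Corrected pattern: the permission check uses the $account that was passed in.
function example_node_access_fixed($node, $op, $account) {
  if ($op == 'view' && !$node->status) {
    return user_access('view unpublished example content', $account)
      ? NODE_ACCESS_ALLOW : NODE_ACCESS_DENY;
  }
  return NODE_ACCESS_IGNORE;
}

// Constructed sample data: a privileged editor is the current user while
// another component asks whether the anonymous user may view a draft.
$editor = (object) array('uid' => 2, 'permissions' => array('view unpublished example content'));
$anonymous = (object) array('uid' => 0, 'permissions' => array());
$draft = (object) array('nid' => 10, 'status' => 0);

$user = $editor;
// The flawed hook answers for $editor; the fixed hook answers for $anonymous.
var_dump(example_node_access_flawed($draft, 'view', $anonymous));
var_dump(example_node_access_fixed($draft, 'view', $anonymous));
```

When reviewing other hook_node_access implementations, a permission check that omits the $account argument or reads the global user directly is the pattern to look for.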

Related Identifiers

CVE-2012-1635

Affected Products

Drupal