PT-2012-6026 · Drupal · Drupal User Read-Only Module

Forest Monsen

Publicado

2012-12-03

Atualizado

2012-12-04

CVE-2012-5557

CVSS v2.0

3.6

Baixa

Vetor

AV:N/AC:H/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Drupal User Read-Only module versions 6.x-1.x before 6.x-1.4 Drupal User Read-Only module versions 7.x-1.x before 7.x-1.4

Description The issue arises when there are more than three roles on the site and certain unspecified configurations are in place. This might allow remote authenticated users to gain privileges by performing certain operations. An example of such an operation is changing a password.

Recommendations For Drupal User Read-Only module version 6.x-1.x, update to version 6.x-1.4 or later. For Drupal User Read-Only module version 7.x-1.x, update to version 7.x-1.4 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-5557

Produtos afetados

Drupal User Read-Only Module

PT-2012-6026 · Drupal · Drupal User Read-Only Module

CVE-2012-5557

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5