PT-2012-6026 · Drupal · Drupal User Read-Only Module

Forest Monsen · Published 2012-12-03 · Updated 2012-12-04 · CVE-2012-5557

CVSS v2.0: 3.6 (Low)

Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Drupal User Read-Only module versions 6.x-1.x before 6.x-1.4
Drupal User Read-Only module versions 7.x-1.x before 7.x-1.4

Description

The issue arises when there are more than three roles on the site and certain unspecified configurations are in place. This might allow remote authenticated users to gain privileges by performing certain operations. An example of such an operation is changing a password.

Recommendations

For Drupal User Read-Only module version 6.x-1.x, update to version 6.x-1.4 or later.
For Drupal User Read-Only module version 7.x-1.x, update to version 7.x-1.4 or later.

Related Identifiers

CVE-2012-5557

Affected Products

Drupal User Read-Only Module