github - ghsa-jwmf-6p4j-pp9v

ghsa-jwmf-6p4j-pp9v

Vulnerability from github

Published

2022-05-17 01:46

Modified

2022-05-17 01:46

Details

The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2304"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-08-14T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.",
  "id": "GHSA-jwmf-6p4j-pp9v",
  "modified": "2022-05-17T01:46:14Z",
  "published": "2022-05-17T01:46:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2304"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75183"
    },
    {
      "type": "WEB",
      "url": "http://drupal.org/node/1547716"
    },
    {
      "type": "WEB",
      "url": "http://drupal.org/node/1547738"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48900"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/81557"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53253"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2012-2304

Vulnerability from cvelistv5

Published

2012-08-14 22:00

Modified

2024-08-06 19:26

Severity ?

Summary

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/75183	vdb-entry, x_refsource_XF
	http://www.osvdb.org/81557	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/48900	third-party-advisory, x_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2012/05/03/2	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/53253	vdb-entry, x_refsource_BID
	http://drupal.org/node/1547716	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2012/05/03/1	mailing-list, x_refsource_MLIST
	http://drupal.org/node/1547738	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "linkit-search-security-bypass(75183)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75183"
          },
          {
            "name": "81557",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/81557"
          },
          {
            "name": "48900",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48900"
          },
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "name": "53253",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53253"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547716"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547738"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "linkit-search-security-bypass(75183)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75183"
        },
        {
          "name": "81557",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/81557"
        },
        {
          "name": "48900",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48900"
        },
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "name": "53253",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53253"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547716"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547738"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2304",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "linkit-search-security-bypass(75183)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75183"
            },
            {
              "name": "81557",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/81557"
            },
            {
              "name": "48900",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48900"
            },
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "53253",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53253"
            },
            {
              "name": "http://drupal.org/node/1547716",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547716"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            },
            {
              "name": "http://drupal.org/node/1547738",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547738"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2304",
    "datePublished": "2012-08-14T22:00:00",
    "dateReserved": "2012-04-19T00:00:00",
    "dateUpdated": "2024-08-06T19:26:09.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted