The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link.
References
Link | Resource |
---|---|
http://drupal.org/node/1289292 | Patch |
http://drupal.org/node/1289294 | Patch |
http://www.openwall.com/lists/oss-security/2012/11/29/2 | |
http://drupal.org/node/1853244 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Information
Published : 2012-12-26 09:55
Updated : 2012-12-26 21:00
NVD link : CVE-2012-5589
Mitre link : CVE-2012-5589
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
netgenius
- multilink
drupal
- drupal