CVE-2012-2722
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
La interfaz de selección de nodos en el editor WYSIWYG (CKEditor) en Node Embed module v6.x-1.x anterior a v6.x-1.5 y v7.x-1.x, anterior a v7.x-1.0 para Drupal no comprueba correctamente los permisos y permite a atacantes remotos eludir restricciones de acceso y destinados a leer los tÃtulos de los nodos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-05-14 CVE Reserved
- 2012-06-27 CVE Published
- 2023-03-14 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | Mailing List |
|
| http://www.osvdb.org/82735 | Vdb Entry | |
| http://www.securityfocus.com/bid/53835 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/76148 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c | 2024-08-06 | |
| http://drupalcode.org/project/node_embed.git/commitdiff/d06f022 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1618428 | 2017-08-29 | |
| http://drupal.org/node/1618430 | 2017-08-29 | |
| http://drupal.org/node/1619824 | 2017-08-29 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/48348 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 6.x-1.0 Search vendor "Scott Reynen" for product "Node Embed" and version "6.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 6.x-1.1 Search vendor "Scott Reynen" for product "Node Embed" and version "6.x-1.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 6.x-1.2 Search vendor "Scott Reynen" for product "Node Embed" and version "6.x-1.2" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 6.x-1.3 Search vendor "Scott Reynen" for product "Node Embed" and version "6.x-1.3" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 6.x-1.4 Search vendor "Scott Reynen" for product "Node Embed" and version "6.x-1.4" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 7.x-1.0 Search vendor "Scott Reynen" for product "Node Embed" and version "7.x-1.0" | rc1 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 7.x-1.0 Search vendor "Scott Reynen" for product "Node Embed" and version "7.x-1.0" | rc2 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Scott Reynen Search vendor "Scott Reynen" | Node Embed Search vendor "Scott Reynen" for product "Node Embed" | 7.x-1.x Search vendor "Scott Reynen" for product "Node Embed" and version "7.x-1.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|