CVE-2012-4473 - Vulnerability Details - OpenCVE

The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Christian Johansson	Restrict Node Page View
Drupal	Drupal

Configuration 1 [-]

AND

OR	cpe:2.3:a:christian_johansson:restrict_node_page_view:7.x-1.0:::::::*
	cpe:2.3:a:christian_johansson:restrict_node_page_view:7.x-1.1:::::::*

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/1662724
http://drupal.org/node/1679466
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54407

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-30T22:00:00

Updated: 2024-08-06T20:35:09.571Z

Reserved: 2012-08-21T00:00:00

Link: CVE-2012-4473

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-11-30T22:55:01.080

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4473

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"view any node page\" or \"view any node {type} page\" permission to access unpublished nodes via a direct request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-01-29T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"tags": ["x_refsource_MISC"], "url": "http://drupal.org/node/1679466"}, {"name": "54407", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/54407"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/1662724"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4473", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"view any node page\" or \"view any node {type} page\" permission to access unpublished nodes via a direct request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"name": "http://drupal.org/node/1679466", "refsource": "MISC", "url": "http://drupal.org/node/1679466"}, {"name": "54407", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54407"}, {"name": "http://drupal.org/node/1662724", "refsource": "CONFIRM", "url": "http://drupal.org/node/1662724"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:09.571Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://drupal.org/node/1679466"}, {"name": "54407", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/54407"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/1662724"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4473", "datePublished": "2012-11-30T22:00:00", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:09.571Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:christian_johansson:restrict_node_page_view:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4544F7-9C22-4BC2-BF69-70EAC444BAB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:christian_johansson:restrict_node_page_view:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8BB5B6A4-F708-4A6F-AD84-4FB164D963C5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"view any node page\" or \"view any node {type} page\" permission to access unpublished nodes via a direct request."}, {"lang": "es", "value": "El m\u00f3dulo de vista de p\u00e1gina de nodo restringidos (\"Restrict node page view module\") v7.x-1.x antes de v7.x-1.2 para Drupal permite a usuarios remotos autenticados con los permisos \"ver cualquier nodo de p\u00e1gina\" o \"ver pagina de cualquier {tipo de} nodo\" permite acceder a los nodos no publicados a trav\u00e9s de un solicitud directa.\r\n"}], "id": "CVE-2012-4473", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-11-30T22:55:01.080", "references": [{"source": "secalert@redhat.com", "url": "http://drupal.org/node/1662724"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1679466"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54407"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/1662724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/1679466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54407"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}