OSVDB ID: 83717

Title: Commons Module for Drupal Recent Comment Listing Access Restriction Bypass

Info

Disclosure

Jul 11, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 11, 2012

Description

Commons Module for Drupal contains a flaw that is triggered during the listing of recent comments. This may allow an attacker to bypass restrictions and gain access to restricted comments.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to version 6.x-2.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Ezra Barnett Gildesgame

Commons Module for Drupal

6.x-2.7

References

CVE ID: 2012-4483 (see also: NVD)
Secunia Advisory ID: 49867
Vendor Specific Advisory URL: http://drupal.org/node/1679888
Vendor Specific News/Changelog Entry: http://drupal.org/node/1679908
http://drupalcode.org/project/commons.git/commitdiff/8ef688b
Other Advisory URL: http://www.openwall.com/lists/oss-security/2012/10/04/6
http://www.openwall.com/lists/oss-security/2012/10/07/1

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/83717