CVE-2012-0827
First published: Mon Oct 28 2013(Updated: )
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal Drupal | =7.0 | |
| Drupal Drupal | =7.0-alpha1 | |
| Drupal Drupal | =7.0-alpha2 | |
| Drupal Drupal | =7.0-alpha3 | |
| Drupal Drupal | =7.0-alpha4 | |
| Drupal Drupal | =7.0-alpha5 | |
| Drupal Drupal | =7.0-alpha6 | |
| Drupal Drupal | =7.0-alpha7 | |
| Drupal Drupal | =7.0-beta1 | |
| Drupal Drupal | =7.0-beta2 | |
| Drupal Drupal | =7.0-beta3 | |
| Drupal Drupal | =7.0-dev | |
| Drupal Drupal | =7.0-rc1 | |
| Drupal Drupal | =7.0-rc2 | |
| Drupal Drupal | =7.0-rc3 | |
| Drupal Drupal | =7.0-rc4 | |
| Drupal Drupal | =7.1 | |
| Drupal Drupal | =7.2 | |
| Drupal Drupal | =7.3 | |
| Drupal Drupal | =7.4 | |
| Drupal Drupal | =7.5 | |
| Drupal Drupal | =7.6 | |
| Drupal Drupal | =7.7 | |
| Drupal Drupal | =7.8 | |
| Drupal Drupal | =7.9 | |
| Drupal Drupal | =7.10 | |
| Drupal Drupal | =7.x-dev |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0827?
CVE-2012-0827 has a severity rating that indicates a risk of unauthorized access to private files for authenticated users.
How do I fix CVE-2012-0827?
To fix CVE-2012-0827, upgrade your Drupal installation to version 7.11 or later.
Who is affected by CVE-2012-0827?
Authenticated users in Drupal 7.x versions prior to 7.11 that use unspecified field access modules are affected by CVE-2012-0827.
What types of files are vulnerable in CVE-2012-0827?
CVE-2012-0827 allows access to arbitrary private files associated with restricted fields.
When was CVE-2012-0827 reported?
CVE-2012-0827 was reported prior to the release of Drupal version 7.11, highlighting vulnerabilities in earlier 7.x versions.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/drupal
- canonical/drupal drupal
- version/drupal drupal/7.0
- version/drupal drupal/7.0-alpha1
- version/drupal drupal/7.0-alpha2
- version/drupal drupal/7.0-alpha3
- version/drupal drupal/7.0-alpha4
- version/drupal drupal/7.0-alpha5
- version/drupal drupal/7.0-alpha6
- version/drupal drupal/7.0-alpha7
- version/drupal drupal/7.0-beta1
- version/drupal drupal/7.0-beta2
- version/drupal drupal/7.0-beta3
- version/drupal drupal/7.0-dev
- version/drupal drupal/7.0-rc1
- version/drupal drupal/7.0-rc2
- version/drupal drupal/7.0-rc3
- version/drupal drupal/7.0-rc4
- version/drupal drupal/7.1
- version/drupal drupal/7.2
- version/drupal drupal/7.3
- version/drupal drupal/7.4
- version/drupal drupal/7.5
- version/drupal drupal/7.6
- version/drupal drupal/7.7
- version/drupal drupal/7.8
- version/drupal drupal/7.9
- version/drupal drupal/7.10
- version/drupal drupal/7.x-dev