CVE-2012-4473
First published: Fri Nov 30 2012(Updated: )
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Christian Johansson Restrict Node Page View | =7.x-1.0 | |
| Christian Johansson Restrict Node Page View | =7.x-1.1 | |
| Drupal Drupal |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-4473?
CVE-2012-4473 is considered a moderate severity vulnerability due to the risk of unauthorized access to unpublished nodes.
How do I fix CVE-2012-4473?
You can fix CVE-2012-4473 by updating the Restrict Node Page View module to version 7.x-1.2 or later.
Who is affected by CVE-2012-4473?
CVE-2012-4473 affects Drupal users who have installed the Restrict Node Page View module versions 7.x-1.0 and 7.x-1.1.
What type of users can exploit CVE-2012-4473?
Remote authenticated users with specific permissions can exploit CVE-2012-4473 to view unpublished content.
Is there a patch available for CVE-2012-4473?
Yes, a patch is available as part of the upgrade to Restrict Node Page View module version 7.x-1.2.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/christian johansson
- canonical/christian johansson restrict node page view
- version/christian johansson restrict node page view/7.x-1.0
- version/christian johansson restrict node page view/7.x-1.1
- vendor/drupal
- canonical/drupal drupal