What is the severity of CVE-2012-4487?

CVE-2012-4487 is classified as a medium severity vulnerability due to improper permission checks.

How do I fix CVE-2012-4487?

To fix CVE-2012-4487, upgrade the Subuser module to version 6.x-1.8 or later.

What systems are affected by CVE-2012-4487?

CVE-2012-4487 affects the Subuser module for Drupal versions prior to 6.x-1.8.

Who can exploit CVE-2012-4487?

Remote authenticated parent users can exploit CVE-2012-4487 to change their roles by switching to a subuser.

What does CVE-2012-4487 allow an attacker to do?

CVE-2012-4487 allows attacker parent users to gain unauthorized privilege by switching roles with subusers they created.

Vulnerability/
CVE-2012-4487

medium

CWE

264

2/11/2012

5/11/2012

CVE-2012-4487

First published: Fri Nov 02 2012(Updated: )

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Boombatower Subuser	<=6.x-1.7
Boombatower Subuser	=6.x-1.0
Boombatower Subuser	=6.x-1.1
Boombatower Subuser	=6.x-1.2
Boombatower Subuser	=6.x-1.3
Boombatower Subuser	=6.x-1.4
Boombatower Subuser	=6.x-1.5
Boombatower Subuser	=6.x-1.6
Boombatower Subuser	=6.x-1.x-dev
Drupal Drupal

Remedy

http://drupal.org/node/1700550

Remedy

http://drupal.org/node/1700584

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-4487?
CVE-2012-4487 is classified as a medium severity vulnerability due to improper permission checks.
How do I fix CVE-2012-4487?
To fix CVE-2012-4487, upgrade the Subuser module to version 6.x-1.8 or later.
What systems are affected by CVE-2012-4487?
CVE-2012-4487 affects the Subuser module for Drupal versions prior to 6.x-1.8.
Who can exploit CVE-2012-4487?
Remote authenticated parent users can exploit CVE-2012-4487 to change their roles by switching to a subuser.
What does CVE-2012-4487 allow an attacker to do?
CVE-2012-4487 allows attacker parent users to gain unauthorized privilege by switching roles with subusers they created.

collector/nvd-index
vendor/boombatower
canonical/boombatower subuser
version/boombatower subuser/6.x-1.7
version/boombatower subuser/6.x-1.0
version/boombatower subuser/6.x-1.1
version/boombatower subuser/6.x-1.2
version/boombatower subuser/6.x-1.3
version/boombatower subuser/6.x-1.4
version/boombatower subuser/6.x-1.5
version/boombatower subuser/6.x-1.6
version/boombatower subuser/6.x-1.x-dev
vendor/drupal
canonical/drupal drupal

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2012-4487?
CVE-2012-4487 is classified as a medium severity vulnerability due to improper permission checks.
How do I fix CVE-2012-4487?
To fix CVE-2012-4487, upgrade the Subuser module to version 6.x-1.8 or later.
What systems are affected by CVE-2012-4487?
CVE-2012-4487 affects the Subuser module for Drupal versions prior to 6.x-1.8.
Who can exploit CVE-2012-4487?
Remote authenticated parent users can exploit CVE-2012-4487 to change their roles by switching to a subuser.
What does CVE-2012-4487 allow an attacker to do?
CVE-2012-4487 allows attacker parent users to gain unauthorized privilege by switching roles with subusers they created.