CVE-2012-5557
First published: Mon Dec 03 2012(Updated: )
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| User Read-only Project User Readonly | =6.x-1.0 | |
| User Read-only Project User Readonly | =6.x-1.1 | |
| User Read-only Project User Readonly | =6.x-1.2 | |
| User Read-only Project User Readonly | =6.x-1.3 | |
| User Read-only Project User Readonly | =6.x-1.x-dev | |
| User Read-only Project User Readonly | =7.x-1.0 | |
| User Read-only Project User Readonly | =7.x-1.1 | |
| User Read-only Project User Readonly | =7.x-1.2 | |
| User Read-only Project User Readonly | =7.x-1.3 | |
| User Read-only Project User Readonly | =7.x-1.x-dev | |
| Drupal Drupal |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-5557?
CVE-2012-5557 has been classified as a moderate severity vulnerability due to its potential to allow privilege escalation.
How do I fix CVE-2012-5557?
To fix CVE-2012-5557, update the User Read-Only module to version 6.x-1.4 or 7.x-1.4 or later.
Who is affected by CVE-2012-5557?
CVE-2012-5557 affects installations of the User Read-Only module versions 6.x-1.0 through 6.x-1.3 and 7.x-1.0 through 7.x-1.3.
What specific configurations make CVE-2012-5557 exploitable?
CVE-2012-5557 is exploitable in sites with more than three roles and specific administrative configurations that are not fully specified.
What are the potential impacts of CVE-2012-5557?
The potential impacts of CVE-2012-5557 include unauthorized privilege escalation for remote authenticated users.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/user read-only project
- canonical/user read-only project user readonly
- version/user read-only project user readonly/6.x-1.0
- version/user read-only project user readonly/6.x-1.1
- version/user read-only project user readonly/6.x-1.2
- version/user read-only project user readonly/6.x-1.3
- version/user read-only project user readonly/6.x-1.x-dev
- version/user read-only project user readonly/7.x-1.0
- version/user read-only project user readonly/7.x-1.1
- version/user read-only project user readonly/7.x-1.2
- version/user read-only project user readonly/7.x-1.3
- version/user read-only project user readonly/7.x-1.x-dev
- vendor/drupal
- canonical/drupal drupal