CVE-2012-2153

Published: Oct 1, 2012Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.

Affected (30)

Products: Drupal: Drupal

Drupal

1 product

Drupal

Configuration A

30 vulnerable

Vulnerable Software	Affected Versions
Drupal Drupal	Version 7.0
Drupal Drupal	Version 7.0 alpha1
Drupal Drupal	Version 7.0 alpha2
Drupal Drupal	Version 7.0 alpha3
Drupal Drupal	Version 7.0 alpha4
Drupal Drupal	Version 7.0 alpha5
Drupal Drupal	Version 7.0 alpha6
Drupal Drupal	Version 7.0 alpha7
Drupal Drupal	Version 7.0 beta1
Drupal Drupal	Version 7.0 beta2
Drupal Drupal	Version 7.0 beta3
Drupal Drupal	Version 7.0 dev
Drupal Drupal	Version 7.0 rc1
Drupal Drupal	Version 7.0 rc2
Drupal Drupal	Version 7.0 rc3
Drupal Drupal	Version 7.0 rc4
Drupal Drupal	Version 7.10
Drupal Drupal	Version 7.11
Drupal Drupal	Version 7.12
Drupal Drupal	Version 7.13
Drupal Drupal	Version 7.1
Drupal Drupal	Version 7.2
Drupal Drupal	Version 7.3
Drupal Drupal	Version 7.4
Drupal Drupal	Version 7.5
Drupal Drupal	Version 7.6
Drupal Drupal	Version 7.7
Drupal Drupal	Version 7.8
Drupal Drupal	Version 7.9
Drupal Drupal	Version 7.x-dev