CVE-2012-2153
Drupal improper access restrictions
EPSS 0.43%
Description
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
How to fix CVE-2012-2153
To remediate CVE-2012-2153, upgrade the affected package to a fixed version below.
- Packagist/drupal/drupal—upgrade to 7.14 or later
Is CVE-2012-2153 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 7.0, < 7.14