CVE-2012-1590
Published: 1 October 2012
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Priority
Status
Package | Release | Status |
---|---|---|
drupal5 Launchpad, Ubuntu, Debian |
vivid |
Does not exist
|
wily |
Does not exist
|
|
hardy |
Ignored
(end of life)
|
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
drupal7 Launchpad, Ubuntu, Debian |
vivid |
Not vulnerable
(7.14-1)
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(7.14-1)
|
|
raring |
Not vulnerable
(7.14-1)
|
|
saucy |
Not vulnerable
(7.14-1)
|
|
trusty |
Not vulnerable
(7.14-1)
|
|
upstream |
Released
(7.14)
|
|
utopic |
Not vulnerable
(7.14-1)
|
|
wily |
Not vulnerable
(7.14-1)
|
|
xenial |
Not vulnerable
(7.14-1)
|
|
yakkety |
Not vulnerable
(7.14-1)
|
|
zesty |
Not vulnerable
(7.14-1)
|
|
drupal6 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|