Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-1590

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Related bugs and status

CVE-2012-1590 (Candidate) is related to these bugs:

Bug #1031028: Drupal 7.14 is latest stable, 7.12 is old.

		In	Importance	Status
1031028	Drupal 7.14 is latest stable, 7.12 is old.	drupal7 (Ubuntu)	Undecided	Invalid
1031028	Drupal 7.14 is latest stable, 7.12 is old.	drupal7 (Ubuntu Precise)	Medium	Invalid
1031028	Drupal 7.14 is latest stable, 7.12 is old.	drupal7 (Ubuntu Quantal)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://drupal.org/drup...
CONFIRM: http://drupal.org/node...
CONFIRM: http://drupal.org/node...
CONFIRM: http://drupalcode.org/...
BID: 53359
SECUNIA: 49012
MANDRIVA: MDVSA-2013:074