CVE-2012-2296

The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/1515114	Patch
http://drupal.org/node/1515120	Patch
http://drupal.org/node/1515282	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/04/10/12
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/74616
http://drupal.org/node/1515114	Patch
http://drupal.org/node/1515120	Patch
http://drupal.org/node/1515282	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/04/10/12
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/74616

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:janrain:rpx:6.x-1.0:beta1::::::
	cpe:2.3:a:janrain:rpx:6.x-1.0:dev::::::
	cpe:2.3:a:janrain:rpx:6.x-1.0:rc1::::::
	cpe:2.3:a:janrain:rpx:6.x-1.0:rc2::::::
	cpe:2.3:a:janrain:rpx:6.x-1.1:rc2::::::
	cpe:2.3:a:janrain:rpx:6.x-1.2:::::::*
	cpe:2.3:a:janrain:rpx:6.x-1.2:rc2::::::
	cpe:2.3:a:janrain:rpx:6.x-1.3:::::::*
	cpe:2.3:a:janrain:rpx:6.x-1.4:::::::*
	cpe:2.3:a:janrain:rpx:6.x-2.1:::::::*
	cpe:2.3:a:janrain:rpx:6.x-2.1:beta1::::::
	cpe:2.3:a:janrain:rpx:6.x-2.1:beta2::::::
	cpe:2.3:a:janrain:rpx:6.x-2.1:beta3::::::
	cpe:2.3:a:janrain:rpx:6.x-2.1:dev::::::
	cpe:2.3:a:janrain:rpx:6.x-2.1:rc1::::::
	cpe:2.3:a:janrain:rpx:7.x-2.0:::::::*
	cpe:2.3:a:janrain:rpx:7.x-2.1:::::::*
	cpe:2.3:a:janrain:rpx:7.x-2.1:beta1::::::
	cpe:2.3:a:janrain:rpx:7.x-2.1:beta2::::::
	cpe:2.3:a:janrain:rpx:7.x-2.1:beta3::::::
	cpe:2.3:a:janrain:rpx:7.x-2.1:rc1::::::
	cpe:2.3:a:janrain:rpx:7.x-2.x:dev::::::

cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:38

Type	Values Removed	Values Added
References	~~() http://drupal.org/node/1515114 - Patch~~	() http://drupal.org/node/1515114 - Patch
References	~~() http://drupal.org/node/1515120 - Patch~~	() http://drupal.org/node/1515120 - Patch
References	~~() http://drupal.org/node/1515282 - Patch, Vendor Advisory~~	() http://drupal.org/node/1515282 - Patch, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2012/04/10/12 -~~	() http://www.openwall.com/lists/oss-security/2012/04/10/12 -
References	~~() http://www.openwall.com/lists/oss-security/2012/05/03/1 -~~	() http://www.openwall.com/lists/oss-security/2012/05/03/1 -
References	~~() http://www.openwall.com/lists/oss-security/2012/05/03/2 -~~	() http://www.openwall.com/lists/oss-security/2012/05/03/2 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/74616 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/74616 -

Information

Published : 2012-07-25 21:55

Updated : 2024-11-21 01:38

NVD link : CVE-2012-2296

Mitre link : CVE-2012-2296

CVE.ORG link : CVE-2012-2296

JSON object : View

Products Affected

drupal

drupal

janrain

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.0 /10