Vulnerability Details CVE-2012-2720
The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://drupal.org/node/1618476
- http://drupal.org/node/1619808
- http://secunia.com/advisories/49400
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82727
- http://www.securityfocus.com/bid/53840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76141
- http://drupal.org/node/1618476
- http://drupal.org/node/1619808
- http://secunia.com/advisories/49400
- http://www.openwall.com/lists/oss-security/2012/06/14/3
- http://www.osvdb.org/82727
- http://www.securityfocus.com/bid/53840
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76141
Products affected by CVE-2012-2720
-
cpe:2.3:a:adam_ross:tokenauth:6.x-1.0
-
cpe:2.3:a:adam_ross:tokenauth:6.x-1.1
-
cpe:2.3:a:adam_ross:tokenauth:6.x-1.3
-
cpe:2.3:a:adam_ross:tokenauth:6.x-1.4
-
cpe:2.3:a:adam_ross:tokenauth:6.x-1.5
-
cpe:2.3:a:adam_ross:tokenauth:6.x-1.6
-
cpe:2.3:a:adam_ross:tokenauth:6.x-1.x
-
cpe:2.3:a:drupal:drupal:-