github - ghsa-rxjf-96xg-p55g

ghsa-rxjf-96xg-p55g

Vulnerability from github

Published

2022-05-17 05:19

Modified

2022-05-17 05:19

Details

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-4494"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-10-31T16:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.",
  "id": "GHSA-rxjf-96xg-p55g",
  "modified": "2022-05-17T05:19:30Z",
  "published": "2022-05-17T05:19:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4494"
    },
    {
      "type": "WEB",
      "url": "http://drupal.org/node/1493244"
    },
    {
      "type": "WEB",
      "url": "http://drupal.org/node/1719392"
    },
    {
      "type": "WEB",
      "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2012-4494

Vulnerability from cvelistv5

Published

2012-10-31 16:00

Modified

2024-09-17 01:41

Severity ?

Summary

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.

References

▼	URL	Tags
	http://www.openwall.com/lists/oss-security/2012/10/04/6	mailing-list, x_refsource_MLIST
	http://drupal.org/node/1493244	x_refsource_CONFIRM
	http://drupal.org/node/1719392	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2012/10/07/1	mailing-list, x_refsource_MLIST
	http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1493244"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1719392"
          },
          {
            "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-31T16:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1493244"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1719392"
        },
        {
          "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
            },
            {
              "name": "http://drupal.org/node/1493244",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1493244"
            },
            {
              "name": "http://drupal.org/node/1719392",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1719392"
            },
            {
              "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
            },
            {
              "name": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4494",
    "datePublished": "2012-10-31T16:00:00Z",
    "dateReserved": "2012-08-21T00:00:00Z",
    "dateUpdated": "2024-09-17T01:41:46.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.